Tagged: Cybersecurity Alert

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. More information : https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. More information : https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered. More information : https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-05.md

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak More information : https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-05.md

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. More information : https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. More information : https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface. More information : https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-2056566978633801728

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backend/backend/blocks/email_block.py accepts a user-supplied smtp_server (string) and smtp_port (integer) as per-execution block...

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured...

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.0 and 2.28.1 allow a low-privileged authenticated user assigned the “add_profile_threshold” permission to create a global profile despite not having manage_global_profile_threshold, by tampering...

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled...

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path...

Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes...

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue...