CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

● Live advisory feed

Security Advisory Fusion for CSIRTs, SOCs & Defenders

Security advisories from 24 sources — CISA, CERT-EU, NCSC-UK, BSI, CERT-FR, NCSC-NL, JPCERT/CC, JVN, HKCERT, the Canadian Cyber Centre, NVD, GitHub, Microsoft, Cisco, Fortinet, Palo Alto Networks and more — normalized, translated to English and flagged against the CISA KEV catalog. One global feed for CSIRTs, SOCs and defenders.

Advisories tracked
9,177
Known exploited
1,706
Sources online
24
Last sync
47M AGO
530 records · page 9 / 11

GHSA-mv8x-fg99-32mf: hermes-agent has an Injection issue

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires

lowCVSS 5.6CVE-2026-10222ghsa2026-06-01

GHSA-6jm8-4fhr-5w64: GoClaw has a Command Injection issue

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write_file Tool. Performing a manipulation results in os command injection. The attack is possible to be carri

mediumCVSS 7.3CVE-2026-10219ghsa2026-06-01

GHSA-fwgq-j9r9-qjgr: Casdoor has an authentication bypass

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of usin

criticalCVSS 9.1CVE-2026-9090ghsa2026-05-28
← NewerOlder →