ZCyberNews
#open-source

7 articles

This archive collects 14 articles tagged open-source published between April 12, 2026 and May 10, 2026, giving security teams a focused view of how this topic has appeared across ZCyberNews coverage. Recent coverage references CVE-2026-25874, CVE-2026-33626, and CVE-2026-8114, with each report tied to the specific vulnerability context available in the source article. The affected-scope signals emphasize the technology, research, and software development sectors, with global scope, helping readers compare exposure patterns without adding claims beyond the archive data. Severity coverage includes 3 critical, 2 high, 3 medium, and 5 informational reports.

HIGH
Vulnerabilities

Emlog CSRF Flaw CVE-2026-42286 Lets Attackers Hijack Admin Actions

CVE-2026-42286: Missing CSRF protection in Emlog prior to 2.6.11 lets attackers trick authenticated admins into unauthorized plugin management and config changes.

CVE-2026-42286
3 min read

MEDIUM
Vulnerabilities

JeecgBoot SQLi Flaw CVE-2026-8114 Exploit Publicly Available

CVE-2026-8114 (CVSS 6.5) in JeecgBoot up to 3.9.1 enables remote SQL injection via the /sys/dict/loadTreeData endpoint. Exploit code is public.

CVE-2026-8114
3 min read

CRITICAL
Malware

PyTorch Lightning Compromised in PyPI Supply Chain Attack

Threat actors pushed malicious PyTorch Lightning versions 2.6.2 and 2.6.3 to PyPI on April 30, 2026, stealing credentials via a typosquatted dependency — Aikido Security, Socket,…

2 min read

CRITICAL
Vulnerabilities

CVE-2026-25874: Unpatched RCE Flaw in Hugging Face LeRobot

CVE-2026-25874 (CVSS 9.3) in Hugging Face LeRobot enables unauthenticated RCE via unsafe deserialization.

CVE-2026-25874
2 min read

HIGH
Vulnerabilities

LMDeploy SSRF Flaw CVE-2026-33626 Exploited 13 Hours After Disclosure

CVE-2026-33626 (CVSS 7.5) in LMDeploy, an open-source LLM toolkit, was exploited in the wild within 13 hours of public disclosure, enabling SSRF attacks to access sensitive…

CVE-2026-33626
3 min read

INFORMATIONAL
Tools & Techniques

Legitify Open-Source Tool Scans GitHub, GitLab for Security Misconfigurations

Legit Security releases Legitify, an open-source scanner that identifies security misconfigurations in GitHub and GitLab organizations, repositories, and CI/CD runners to combat software supply chain risks.

4 min read

MEDIUM
Threat Intel

Oberon System 3 Native Port for Raspberry Pi Raises Supply Chain Security Concerns

A native port of the Oberon System 3 for Raspberry Pi 3, distributed via a pre-configured SD card image, presents a potential supply chain attack vector. The image's provenance and integrity cannot be fully verified, highlighting risks in third-party firmware distribution.

4 min read
