CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

CVE-2026-10591 Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

PT-2026-45768

Name of the Vulnerable Software and Affected Versions Amazon Kiro IDE versions prior to 0.11 Description Insufficient access control restrictions in the file write tool allow remote unauthenticated actors to execute arbitrary commands. This is achieved by using crafted instructions to write to...

CLEANSTART-2026-FN44356 Security fixes for CVE-2022-29526, CVE-2025-47907, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.10-r0, 0.11-r0, 0.9-r0, 0.9-r1, 0.9-r2

Multiple security vulnerabilities affect the druid-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

ado-vllm-performance (=1.2.2), agentclinic (=0.1.0) +23 more potentially affected by CVE-2025-66448 via vllm (>=0.10.0 <=0.11.0)

vllm PYPI version =0.10.0, =0.0.0, =2.3.5, =0.2.0, =0.1.0, =1.0.1rc1, =0.0.4, =0.1.0, =0.1.5, =1.0.0, =1.2.6 - haerae-evaluation-toolkit =0.1.0 - hedge-bench =0.1.2 and more Source cves: CVE-2025-66448 Source advisory: SNYK:PYTHON-VLLM-14157153...

CVE-2025-65100

Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISARAPTSNAPSHOTDATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb...

CVE-2025-65100 Security Snapshot May Use Unintended Timestamp When Only ISAR_APT_SNAPSHOT_DATE Is Set

Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISARAPTSNAPSHOTDATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb...

Isar 安全漏洞

Isar is a file generation script open-sourced by ilbers GmbH. A security vulnerability exists in Isar versions 0.11-rc1 and 0.11, which stems from the fact that a separate definition of ISARAPTSNAPSHOTDATE fails to set the correct timestamps for security distributions, resulting in missed securit...

CVE-2025-12184

The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVE-2025-12184 MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting

The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

PT-2025-45012

Name of the Vulnerable Software and Affected Versions MeetingList plugin for WordPress versions prior to 0.11 Description The software is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and output escaping. This allows authenticated attackers...

EUVD-2008-0569

Malware in sbrugna...

EUVD-2021-21307

Malware in sbrugna...

EUVD-2005-1738

Malware in sbrugna...

EUVD-2009-3317

Malware in sbrugna...

EUVD-2024-39636

Malicious code in bioql PyPI...

EUVD-2022-25253

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2015-8697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - stalin 0.11-5 allows local users to write to arbitrary files. CVE-2015-8697 Note that Nessus relies on the presence of the package as reported by the vendor...