12 matches found
CVE-2026-43000
An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...
PT-2026-44465
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions prior to 29.0.2. Description: A privilege escalation issue exists where an attacker with a member role on a project can escalate their privileges to admin. This is achieved by chaining unrestricted application...
GHSA-FJ52-5G4H-GMQ8 pyLoad's Session Not Invalidated After Permission Changes
Summary: The pyLoad application does not properly invalidate or modify sessions upon changes made to a user's permissions. Details: Whenever an administrator changes the permissions a specific account has, they do not expect that account to still be able to access data that its new permissions do...
CVE-2025-63563
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...
CVE-2023-32199
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a `*` on `*` in rule for resources or have a `*` on ru...
EUVD-2025-36381
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...
Malicious code in @testcarrot/supply7 (npm)
Source: ghsa-malware 6b3fc279837edb0be645020c30f0d706a43f965e28e6efef716e2283301fe06e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-38696
The Belsen Group, active since January 2025, leaked 1.6 GB of data from more than 15,000 vulnerable Fortinet devices via CVE-2022-406841, which indicates persistent access prior to the breach...
Linux Distros Unpatched Vulnerability : CVE-2020-13304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The same two-factor authentication secret code was generated, which resulted in an...
Privilege Escalation
poetry is vulnerable to privilege escalation. The vulnerability exists because the getsystemenv function of env.py does not properly validate the absolute path on Windows operating systems, allowing an attacker to inject and execute malicious code and steal credentials or persist their access...
Malicious code in sq-jsith-test-npm-project (npm)
Source: ghsa-malware cd7ef60a25a9c90132094be820194887c51be618dc8d74a3cdb86d9d68f418f2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2021-14925 · GitLab · GitLab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.8 through 14.0.9; GitLab versions 14.1 through 14.1.4; GitLab versions 14.2 through 14.2.2. Description: An issue has been discovered in GitLab where, under specialized conditions, an invited group member may continue to have...