15 matches found
ServiceNow AI Platform security vulnerability
ServiceNow AI Platform is an AI intelligence platform from ServiceNow, Inc. in the United States. ServiceNow AI Platform has a security vulnerability that originates from an unauthenticated user being able to impersonate another user and perform actions that they are authorized to perform...
EUVD-2006-0445
Malware in sbrugna...
EUVD-2025-31763
Malicious code in bioql PyPI...
EUVD-2025-31765
Malicious code in bioql PyPI...
CVE-2025-23292
NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where a User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service UI component...
CVE-2025-23291
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where a User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure...
CVE-2025-23293
The CVE-2025-23293 issue affects the NVIDIA Delegated Licensing Service (DLS) for all appliance platforms. Affected component: DLS; root cause described as an access control/authorization flaw that could allow an attacker to perform an authorized action, potentially leading to information disclos...
CVE-2025-23291
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where a User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to information disclosure...
PT-2025-40015
Name of the Vulnerable Software and Affected Versions: NVIDIA Delegated Licensing Service (affected versions not specified). Description: The NVIDIA Delegated Licensing Service for all appliance platforms has a flaw that could allow a user or attacker to trigger an authorized action. Exploitation of...
PT-2025-40016
Name of the Vulnerable Software and Affected Versions: NVIDIA Delegated Licensing Service (affected versions not specified). Description: The NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection issue. An attacker may be able to cause an authorized action, potentiall...
CVE-2024-55945 Cross-Site Request Forgery in DB Check Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
Privilege Escalation
github.com/gravitl/netmaker is vulnerable to Privilege Escalation. The vulnerability exists due to improper permission validation for non-admin users, which allows an attacker to perform authorized actions on users, such as changing roles...
Cross site request forgery (csrf)
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
Improper Access Control in janeczku/calibre-web
Description: Although a user has no permissions for public shelves, he can create them. Proof of Concept: The method createshelf at shelf.py does not check whether the user has public shelf permissions to create it. @shelf.route"/shelf/create", methods="GET", "POST" @loginrequired def createshelf:...
Snowfox CMS 1.0 Cross Site Request Forgery
input type="hidden" name="userGroups...