
56 matches found

NVD
added last week | 12 views

CVE-2026-46840

Vulnerability in Oracle REST Data Services component: Backend-as-a-Service. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in...

CVSS 10 | EPSS 0.00054
Exploits: 1 | References: 1

CNNVD
added 2026/05/28 12:0 a.m. | 5 views

Oracle REST Data Services security vulnerability

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. There are security vulnerabilities in versions 24.2.0 to 26.1.0 of Oracle REST Data Services. These vulnerabiliti...

CVSS 10 | AI score 5.8 | EPSS 0.00054
Exploits: 1 | References: 1

RedhatCVE
added 2026/05/14 7:58 p.m. | 4 views

CVE-2026-45227

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

CVSS 8.8 | AI score 6.1 | EPSS 0.0005
Exploits: 0 | References: 1

Cvelist
added 2026/05/14 4:6 p.m. | 26 views

CVE-2025-62311 HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels.

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

CVSS 4.3 | EPSS 0.00012
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/14 12:0 a.m. | 2 views

PT-2026-40954

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

CVSS 4.3 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2

EUVD
added 2026/05/13 12:48 a.m. | 6 views

EUVD-2026-29869

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

CVSS 8.8 | AI score 6.1 | EPSS 0.0005
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/12 12:0 a.m. | 8 views

PT-2026-40452

Name of the Vulnerable Software and Affected Versions: Heym versions prior to 0.0.21. Description: A sandbox escape exists in the custom Python tool executor. Authenticated workflow authors can bypass sandbox restrictions using object-graph introspection primitives. By employing Python introspection...

CVSS 8.8 | AI score 6 | EPSS 0.0005
Exploits: 0 | References: 9

Positive Technologies
added 2026/05/12 12:0 a.m. | 5 views

PT-2026-40054

Name of the Vulnerable Software and Affected Versions: nexent version 1.7.5.2. Description: The backend service contains an unauthorized arbitrary file deletion issue within its ElasticSearch service interface. The 'DELETE /index name/documents' endpoint lacks proper authentication and authorization...

CVSS 9.1 | AI score 5.9 | EPSS 0.00399
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/14 12:7 a.m. | 0 views

CVE-2026-27678 Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures)

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 2

CNNVD
added 2026/01/13 12:0 a.m. | 1 views

ITeCProteccioAppServer code issue vulnerability

ITeCProteccioAppServer is a backend service component from ITeC. A code issue vulnerability exists in ITeCProteccioAppServer that stems from the service path not being quoted, which could allow a local attacker to execute code and elevate system privileges...

CVSS 8.5 | AI score 6 | EPSS 0.00023
Exploits: 0 | References: 3

CNNVD
added 2025/12/19 12:0 a.m. | 1 views

Palantir Glutton security vulnerability

Palantir Glutton is a back-end service module from Palantir USA. A security vulnerability exists in Palantir Glutton that originates from an unauthenticated service endpoint and could lead to unauthorized data manipulation...

CVSS 9.1 | AI score 6.7 | EPSS 0.00054
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/07 12:49 p.m. | 4 views

CVE-2025-41341

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'...

CVSS 8.7 | AI score 6.7 | EPSS 0.00048
Exploits: 0 | References: 1

Snyk
added 2025/11/04 6:39 p.m. | 1 views

Missing Authentication

Overview: Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...

CVSS 6 | AI score 6.5 | EPSS 0.00018
Exploits: 0 | References: 2

EUVD
added 2025/11/04 1:18 p.m. | 2 views

EUVD-2025-37744

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'...

CVSS 8.7 | AI score 6.2 | EPSS 0.00048
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/04 1:16 p.m. | 1 views

CVE-2025-41336 Missing Authorization vulnerability in CanalDenuncia.app

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'...

CVSS 8.7 | AI score 6.3 | EPSS 0.00048
Exploits: 0 | References: 1

OSV
added 2025/11/04 1:15 p.m. | 0 views

CVE-2025-41111

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarComentariosByDenuncia.php'...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

Cvelist
added 2025/11/04 1:10 p.m. | 3 views

CVE-2025-41113 Missing Authorization vulnerability in CanalDenuncia.app

A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'iddenuncia' in '/backend/api/buscarDenunciaByPin.php'...

CVSS 8.7 | EPSS 0.00048
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2014-2621

Malware in sbrugna...

CVSS 4.3 | AI score 6.3 | EPSS 0.01042
Exploits: 3 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-37245

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.6 | EPSS 0.00183
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-9560

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.5 | EPSS 0.00158
Exploits: 0 | References: 2