12 matches found

OSV
added 2026/06/05 8:52 a.m. | 4 views

BIT-MLFLOW-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...

CVSS 9.1 | AI score 6 | EPSS 0.00315
Exploits: 1 | References: 3

NVD
added 2026/05/13 6:16 p.m. | 7 views

CVE-2026-43997

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object to escape the sandbox; one example would be using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). This vulnerability...

CVSS 10 | EPSS 0.00738
Exploits: 1 | References: 1

NVD
added 2026/03/30 9:17 p.m. | 1 view

CVE-2026-32883

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

CVSS 5.9 | EPSS 0.00154
Exploits: 0 | References: 1

AlpineLinux
added 2026/03/30 8:36 p.m. | 1 view

CVE-2026-32883

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

CVSS 5.9 | AI score 5.3 | EPSS 0.00154
Exploits: 0

Positive Technologies
added 2026/03/30 12:00 a.m. | 3 views

PT-2026-29125

Name of the Vulnerable Software and Affected Versions: Botan versions 3.0.0 through 3.10.9
Description: Botan is a C++ cryptography library. During X509 path validation, versions prior to 3.11.0 did not verify the signature of Online Certificate Status Protocol (OCSP) responses, only checking for an...

CVSS 5.9 | AI score 5.9 | EPSS 0.00154
Exploits: 0 | References: 4

EUVD
added 2026/03/24 6:31 a.m. | 2 views

EUVD-2026-14706

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0...

CVSS 9.4 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 2

NVD
added 2026/03/24 4:17 a.m. | 4 views

CVE-2026-4738

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0...

CVSS 9.4 | EPSS 0.00276
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/24 3:18 a.m. | 2 views

CVE-2026-4738

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0...

CVSS 9.4 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/24 12:00 a.m. | 3 views

PT-2026-27316

Name of the Vulnerable Software and Affected Versions: OSGeo gdal versions prior to 3.11.0
Description: A flaw exists in OSGeo gdal related to improper restriction of operations within the bounds of a memory buffer. This issue is located in the frmts/zlib/contrib/infback9 modules, specifically with...

CVSS 9.4 | AI score 6.1 | EPSS 0.00276
Exploits: 0 | References: 4

CNNVD
added 2024/11/13 12:00 a.m. | 2 views

Intel ACAT Code Issue Vulnerability

Intel ACAT is an open source platform from Intel Corporation USA. A code issue vulnerability exists in Intel ACAT versions prior to 3.11.0 that stems from an uncontrolled search path. An attacker can exploit the vulnerability to elevate privileges...

CVSS 6.7 | AI score 6.8 | EPSS 0.00175
Exploits: 0 | References: 2

ATTACKERKB
added 2020/09/25 4:23 a.m. | 1 view

CVE-2020-24621

A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed...

CVSS 8.8 | AI score 6.3 | EPSS 0.03019
Exploits: 1 | References: 6

OSV
added 2017/08/29 1:35 a.m. | 3 views

CVE-2017-10839

SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS 8.8 | AI score 6
Exploits: 0 | References: 1