17 matches found
Malicious code in changelog-utils-logger (npm)
Source: amazon-inspector 766b0a70c145b6eea78f6d7852be0ff75da958b1c0f465aa5108a1acabb5e9b2 The package changelog-utils-logger was found to contain malicious code. Source: ghsa-malware...
CVE-2026-26069 Scraparr Readarr Integration exposes sensitive values as metric labels.
Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...
CVE-2025-40768
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to access the application...
Files Or Directories Accessible To External Parties
Apache Kylin is vulnerable to Files or Directories Accessible to External Parties. The vulnerability is due to improper access controls on certain files or directories, which allows an attacker to access resources that should be restricted if administrative access is not adequately protected...
EUVD-2025-24234
Malicious code in bioql PyPI...
Files or Directories Accessible to External Parties
Overview: org.apache.kylin:kylin-server is an analytics engine, contributed by eBay Inc., that provides a SQL interface and multi-dimensional analysis (OLAP) on Hadoop, supporting extremely large datasets. Affected versions of this package are vulnerable to Files or Directories Accessible to External Partie...
CVE-2025-40768
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to access the application...
CVE-2025-40768
CVE-2025-40768 affects Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) versions prior to 3.0. The vulnerability stems from the application exposing an internal service port that can be accessed from outside the system, potentially allowing an unauthorized attacker to access the application. P...
Malicious code in ui-router-cool-plugin (npm)
Source: ghsa-malware 7f8cdbad7d217500262088af80552709596ed86e414e2a6c3214b5a40efb8057 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Files or Directories Accessible to External Parties
Overview: mcp-markdownify-server is a Model Context Protocol (MCP) server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...
CVE-2025-24858
Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection...
Malicious code in p-oauth2 (npm)
Source: ghsa-malware 1863799825b7c600296f1bea1286732b9e0b1268b0e663d8646f0b17419d00f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-22254 · Gl.Inet · Gl-Inet A1300 +14
Name of the Vulnerable Software and Affected Versions: GL-iNet MT6000 versions 4.3.10 through 4.5.6; GL-iNet XE3000 version 4.4.5; GL-iNet X3000 version 4.4.6; GL-iNet MT3000 version 4.5.0; GL-iNet MT2500 version 4.5.0; GL-iNet AXT1800 version 4.5.0; GL-iNet AX1800 version 4.5.0; GL-iNet A1300 version...
PYSEC-2024-260
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...
CVE-2022-41738
IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.7.0 could allow an attacker to initiate connections to containers from external networks. IBM X-Force ID: 237812...
Exploit for Files or Directories Accessible to External Parties in Redhat Ansible_Tower
CVE-2021-20253: Privilege Escalation via Job Isolation Escape...
CVE-2022-26665
An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records...