Ironic Standalone Operator's controller modifies user-owned resources without consent

Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. IRSO controller automatically adds its environment label to user-provided Secrets and ConfigMaps without the resource owner's consent. A high-privilege controller modifying user-owned resources...

GHSA-HFC8-W5F4-3X6M Ironic Standalone Operator's controller modifies user-owned resources without consent

Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. IRSO controller automatically adds its environment label to user-provided Secrets and ConfigMaps without the resource owner's consent. A high-privilege controller modifying user-owned resources...

EUVD-2026-22292

jsPDF Vulnerable to Stored XMP Metadata Injection Spoofing & Integrity Violation...

GHSA-G6PG-52VF-843H MLFlow allows Tracing + Assessments Access

In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NOPERMISSIONS on the experiment, to read trace information and create assessments for...

ormar 安全漏洞

ORMar is a Python ORM library developed by Collerek’s individual developers. Versions of Ormar prior to 0.23.0 contain security vulnerabilities. These vulnerabilities stem from Pydantic validation bypasses in the model constructor. This allows unvalidated users to bypass field validations by...

jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)

Impact User control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or...

CVE-2023-49312

Precision Bridge PrecisionBridge.exe aka the thick client before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address...

EUVD-2006-2202

Malware in sbrugna...

EUVD-2024-1066

Malicious code in bioql PyPI...

EUVD-2024-1337

Malicious code in bioql PyPI...

EUVD-2025-20349

Malicious code in bioql PyPI...

EUVD-2023-32652

Malicious code in bioql PyPI...

EUVD-2023-53297

Malicious code in bioql PyPI...

Advisory ROSA-SA-2025-2903

Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-9.rv3 CVE-ID: CVE-2009-1387 BDU-ID: 2015-09404 CVE-Crit: MEDIUM CVE-DESC.: Multiple vulnerabilities in the openssl package up to version 0.9.8l-r2 of the Gentoo Linux operating system, the exploitation of whic...

CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...

CVE-2024-31454

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.2.0, the absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution. The...

CVE-2024-7767 Improper Access Control in danswer-ai/danswer

An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This vulnerability allows the first user created in the system to view, modify, and delete chats created by an Admin. This can lead to unauthorized access to sensitive information, loss of data integrity, and...

[SECURITY] [DLA 3920-1] php7.4 security update

Debian LTS Advisory DLA-3920-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin October 14, 2024 https://wiki.debian.org/LTS Package : php7.4 Version : 7.4.33-1+deb11u6 CVE ID : CVE-2022-4900 CVE-2024-5458 CVE-2024-8925 CVE-2024-8927 CVE-2024-9026 Debian Bug : 10728...

CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...

U.S. Dept Of Defense: XML External Entity (XXE) Injection

The vulnerability is an XML external entity XXE injection flaw. XXE vulnerabilities occur when an application parses XML input that contains a reference to an external entity. When the XML parser is improperly configured to process external entities, it can lead to unauthorized access to sensitiv...