11 matches found
CVE-2026-2652 Authentication Bypass in mlflow/mlflow
A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces authentication on /gateway/...
GO-2026-4356 Dragonfly Manager Job API Unauthenticated Access in d7y.io/dragonfly
Dragonfly Manager Job API Unauthenticated Access in d7y.io/dragonfly...
CVE-2026-24124
Dragonfly CVE-2026-24124 describes an unauthenticated access flaw in the Manager Job API. In versions 2.4.1-rc.0 and earlier, the Job API endpoints under /api/v1/jobs lack JWT authentication middleware and RBAC checks, allowing unauthenticated users with Manager API access to view, create, modify...
CVE-2023-29923
PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface...
GHSA-5C86-GPVC-FP53 PowerJob vulnerable to Insecure Permissions
PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface...
CVE-2023-29923
PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface...
CVE-2023-29923
PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface...
Design/Logic Flaw
PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface...
Inject-Assembly - Inject .NET Assemblies Into An Existing Process
This tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process, including the current Beacon. Long-running assemblies will continue to run and send output back to the Beacon, similar to the behavior of execute-assembly. There are t...
cPanel Cross-Site Scripting Vulnerability (CNVD-2020-55179)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 90.0.10, which stems from allowing self-XSS via the Cron...
aaPanel Remote Code Execution Vulnerability
aaPanel is a simple but powerful control panel for Linux servers. A remote code execution vulnerability exists in aaPanel 6.6.6 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands via the Script Content box on the Add Cron Job interface...