
12812 matches found

OSV
added 2026/04/16 11:45 p.m. | 2 views

BIT-MLFLOW-2025-14287 Command Injection in mlflow/mlflow

A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...

8.8 CVSS | 7.4 AI score | 0.0034 EPSS
Exploits 1 | References 2

OSV
added 2026/04/16 11:43 p.m. | 1 view

BIT-LIBPYTHON-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7 CVSS | 5.7 AI score | 0.00023 EPSS
Exploits 0 | References 9

Fedora
added 2026/04/16 11:42 p.m. | 7 views

[SECURITY] Fedora 44 Update: kde-cli-tools-6.6.4-1.fc44

Provides several KDE and Plasma specific command line tools to allow better interaction with the system...

5.8 AI score
Exploits 0

vulnersOsv
added 2026/04/16 11:0 p.m. | 5 views

@saltcorn/cli (>=1.5.0 <=1.5.5-beta.0), @saltcorn/mobile-builder (>=1.5.0 <=1.5.5-beta.0) potentially affected by CVE-2026-42259 via @saltcorn/server (>=1.5.0-beta.0 <=1.5.5)

@saltcorn/server NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.5-beta.0 Source cves: CVE-2026-42259 Source advisory: SNYK:JS-SALTCORNSERVER-16111017...

5.1 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits 0

Github Security Blog
added 2026/04/16 10:47 p.m. | 2 views

Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode

Summary: Several API endpoints in authenticated mode have no authentication at all. They respond to completely unauthenticated requests with sensitive data or allow state-changing operations. No account, no session, no API key needed. Verified against the latest version. Discord: sagi03581 Steps t...

5.9 AI score
Exploits 0 | References 2 | Affected Software 1

Github Security Blog
added 2026/04/16 9:28 p.m. | 3 views

Home Assistant Command-line Interface: Handling of user-supplied Jinja2 templates

Impact: Up to 1.0.0 of home-assistant-cli (or hass-cli for short), an unrestricted environment was used to handle Jinja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no restrictions. This gave users access to Python's internals and...

5.6 CVSS | 6.3 AI score | 0.00019 EPSS
Exploits 0 | References 4 | Affected Software 1

NVD
added 2026/04/16 7:16 p.m. | 0 views

CVE-2026-6442

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent...

8.3 CVSS | 0.00055 EPSS
Exploits 0 | References 2

Veracode
added 2026/04/16 11:12 a.m. | 8 views

Code Injection

Handlebars is vulnerable to code injection. The vulnerability is due to improper sanitization of user-controlled inputs in the CLI precompiler, which allows an attacker to inject arbitrary JavaScript via crafted template filenames or CLI arguments and execute it when the generated code is run...

8.2 CVSS | 6 AI score | 0.00009 EPSS
Exploits 1 | References 3 | Affected Software 1

RedHat Linux
added 2026/04/16 10:43 a.m. | 2 views

Important: Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency

The GA release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads...

9.8 CVSS | 5.8 AI score | 0.00027 EPSS
Exploits 2 | References 6

RedHat Linux
added 2026/04/16 10:34 a.m. | 3 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5 CVSS | 5.8 AI score | 0.00055 EPSS
Exploits 1 | References 12

NVD
added 2026/04/16 7:16 a.m. | 1 view

CVE-2026-3861

LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily...

7.1 CVSS | 0.00018 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/04/16 5:54 a.m. | 1 view

CVE-2026-3861

LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily...

7.1 CVSS | 5.3 AI score | 0.00018 EPSS
Exploits 0 | References 1

Cvelist
added 2026/04/16 5:54 a.m. | 28 views

CVE-2026-3861

LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily...

7.1 CVSS | 0.00018 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/04/16 5:54 a.m. | 1 view

CVE-2026-3861

LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily...

7.1 CVSS | 5.3 AI score | 0.00018 EPSS
Exploits 0 | References 2

CVE
added 2026/04/16 5:54 a.m. | 10 views

CVE-2026-3861

Affected software: LINE client for iOS (versions prior to 26.3.0). Vulnerability details: In the in-app browser, opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially making the iOS device temporarily ino...

7.1 CVSS | 5.3 AI score | 0.00018 EPSS
Exploits 0 | References 1

NVD
added 2026/04/16 3:16 a.m. | 0 views

CVE-2026-6351

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files...

8.7 CVSS | 0.00032 EPSS
Exploits 0 | References 2

Cvelist
added 2026/04/16 2:39 a.m. | 27 views

CVE-2026-6351 Openfind|MailGates/MailAudit - CRLF Injection

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files...

8.7 CVSS | 0.00032 EPSS
Exploits 0 | References 2

Positive Technologies
added 2026/04/16 12:0 a.m. | 2 views

PT-2026-33270

Name of the Vulnerable Software and Affected Versions: LINE client for iOS versions prior to 26.3.0. Description: An issue exists in the in-app browser where opening a specially crafted web page can repeatedly trigger OS-level dialogs. This behavior can lead to a denial of service, potentially causi...

7.1 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0 | References 5

CNNVD
added 2026/04/16 12:0 a.m. | 7 views

Line Corporation Line Client For Ios Security Vulnerability

Line Corporation Line Client For Ios is a communication application developed by the Japanese company Line Corporation. Versions of Line Corporation Line Client For Ios prior to version 26.3.0 contained security vulnerabilities. These vulnerabilities were due to issues with the browser within the...

7.1 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0 | References 1

CNVD
added 2026/04/16 12:0 a.m. | 4 views

D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-19420)

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability caused by incorrect boundary checking in the wanlinedetection.asp script, which can be exploited by an attacker to cause a denial of service...

7.5 CVSS | 6 AI score | 0.00057 EPSS
Exploits 0