92 matches found

Snyk
added 2026/05/05 5:25 p.m. · 4 views

Missing Authentication for Critical Function

Overview: network-ai is an AI agent orchestration framework for TypeScript/Node.js - 29 adapters LangChain, AutoGen, CrewAI, OpenAI Assistants, LlamaIndex, Semantic Kernel, Haystack, DSPy, Agno, MCP, OpenClaw, A2A, Codex, MiniMax, NemoClaw, APS, Copilot, LangGraph, Anthropic Compu Affected version...

CVSS 8.7 · AI score 5.8 · EPSS 0.0002
Exploits: 0 · References: 2
Positive Technologies
added 2026/01/15 12:0 a.m. · 3 views

PT-2026-3059

Name of the Vulnerable Software and Affected Versions: Ludashi driver versions prior to 5.1025 Description: A local information disclosure issue exists in the Ludashi driver due to insufficient access control within the IOCTL handler. The driver provides a device interface accessible to standard...

CVSS 7.3 · AI score 5.6 · EPSS 0.00019
Exploits: 1 · References: 4
RedhatCVE
added 2026/01/09 10:18 a.m. · 5 views

CVE-2019-18457

An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens. It has Insecure Permissions...

CVSS 8.8 · AI score 6.5 · EPSS 0.00081
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/09 9:58 a.m. · 5 views

CVE-2020-7988

An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lac...

CVSS 8.8 · AI score 7.5 · EPSS 0.00718
Exploits: 1 · References: 1
Snyk
added 2025/11/24 8:33 p.m. · 1 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

CVSS 9.8 · AI score 6.8
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-8207

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.00081
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-8938

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.0006
Exploits: 0 · References: 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-34328

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.00361
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-1332

Malicious code in bioql PyPI...

CVSS 3.9 · AI score 4.8 · EPSS 0.00053
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-40555

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 6.1 · EPSS 0.00143
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 8:10 a.m. · 1 views

CVE-2024-27086

The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer...

CVSS 3.9 · AI score 6.8 · EPSS 0.00053
Exploits: 0 · References: 1
CNVD
added 2025/05/07 12:0 a.m. · 12 views

Moodle Cross-Site Request Forgery Vulnerability (CNVD-2025-09236)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site request forgery vulnerability that stems from the lack of an anti-cross-site request forgery...

CVSS 8.8 · AI score 6.4 · EPSS 0.00235
Exploits: 0 · References: 1
NVD
added 2025/03/11 6:15 p.m. · 7 views

CVE-2025-25748

A CSRF vulnerability in the gestioneutenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disput...

CVSS 7.3 · EPSS 0.00077
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/06 1:11 a.m. · 4 views

CVE-2022-21817

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get a user to browse a malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code...

CVSS 9.3 · AI score 7.4 · EPSS 0.00913
Exploits: 0 · References: 1
OSV
added 2025/01/30 6:15 p.m. · 0 views

CVE-2025-0498

A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a token and impersonate another user...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/07 12:0 a.m. · 2 views

PT-2025-4513 · Unknown · Tock Widget

Name of the Vulnerable Software and Affected Versions: Tock Widget versions n/a through 1.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows for Cross-Site Request Forgery. This is a type of attack where an attacker can trick a user into performing...

CVSS 7.1 · AI score 7 · EPSS 0.00104
Exploits: 0 · References: 3
UbuntuCve
added 2024/10/14 4:15 a.m. · 13 views

CVE-2024-49214

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality...

CVSS 5.3 · AI score 6.1 · EPSS 0.00105
Exploits: 0 · References: 7
Snyk
added 2024/06/27 12:0 a.m. · 1 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation through the handling of GSS message tokens. An attacker can manipulate or disrupt the integrity of the security context by crafting malformed tokens. Remediation: A fix was pushed into the master branch but not...

CVSS 7.5 · AI score 6.9 · EPSS 0.00545
Exploits: 0 · References: 2
Positive Technologies
added 2024/05/23 12:0 a.m. · 1 views

PT-2024-40480 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue arises from the LoginForm calling the disableSecurityToken function, which leads to a "shared host domain" vulnerability. This vulnerability is related to the way security...

CVSS 5.4 · AI score 7
Exploits: 0 · References: 6
NVD
added 2024/04/16 10:15 p.m. · 13 views

CVE-2024-27086

The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer...

CVSS 3.9 · AI score 4.3 · EPSS 0.00053
Exploits: 0 · References: 2