66 matches found
EUVD-2026-42283
A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...
CVE-2026-15044 Trustyai-service-operator: trustyai service operator: unauthenticated access to ai guardrails and orchestrator apis
A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...
PT-2026-56458
Name of the Vulnerable Software and Affected Versions TrustyAI Service Operator affected versions not specified Description A flaw in the TrustyAI Service Operator occurs when deploying services such as gorch or NemoGuardrails. If a specific security setting is not enabled, these services expose...
UBUNTU-CVE-2026-12243
NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection...
CVE-2026-40495
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...
BIT-JOOMLA-2026-48902 Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set...
CVE-2026-48902
CVE-2026-48902 affects Joomla! Core. The password/username reset features generate plain http links for https connections when Force SSL is not explicitly enabled, enabling possible credential exposure via downgraded transport. The issue is documented across multiple feeds (e.g., JOOMLA-1050) and...
CVE-2026-30495
The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes Android Debug Bridge ADB on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binar...
AZL-79649 CVE-2026-27142 affecting package tensorflow 2.16.1-11
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...
EUVD-2005-4764
Malware in sbrugna...
EUVD-2024-17317
Malicious code in bioql PyPI...
GHSA-WQ2J-W9PM-7X2P DNN allows loading unused themes on anonymous clients through query parameters
Summary Arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. Details Many people who run DNN sites have a number of installed theme...
CVE-2024-43382
Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the Snowflake JDBC driver
Summary Multiple vulnerabilities in the Snowflake JDBC driver that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-43382 DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting. A remote...
PT-2025-4489 · Mattermost +1 · Mattermost +1
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.x through 10.2 Description: The issue arises from Mattermost's failure to accurately reflect missing settings, leading to confusion among administrators regarding a Calls security-sensitive configuration due to incorrec...
Incorrect Security Setting
net.snowflake, snowflake-jdbc is vulnerable to an Incorrect Security Setting. The vulnerability is due to data being uploaded to an encrypted stage without client-side encryption, allowing unauthorized parties to access or modify sensitive information...
CVE-2024-43382
Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...
Snowflake JDBC Security Advisory
Impacted Products Snowflake JDBC driver versions = 3.2.6 & = 3.19.1 are affected. Introduction Snowflake recently identified an issue affecting JDBC drivers that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...
CVE-2024-43382
CVE-2024-43382 affects Snowflake JDBC driver bug where versions 3.2.6–3.19.1 have an incorrect security setting that can allow data to be uploaded to an encrypted stage without the extra protection of client-side encryption. The root cause is an insufficient security configuration, potentially ex...