20 matches found

ATTACKERKB
added 2026/05/27 2:43 p.m., 7 views

CVE-2026-44971

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...

CVSS 8.2 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2026/03/19 12:00 a.m., 1 view

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15156)

Apache Airflow is an open source platform from the Apache Software Foundation for creating, managing and monitoring workflows. The platform is scalable and supports dynamic monitoring, among other features. Apache Airflow has an information disclosure vulnerability that stems...

CVSS 7.5 | AI score 5.9 | EPSS 0.00031
Exploits: 0 | References: 1
OSV
added 2026/03/18 2:16 a.m., 1 view

CVE-2026-22174

OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token. An attacker controlling a loopback port can intercept CDP reachability probes to the...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 3
EUVD
added 2026/03/16 3:30 p.m., 3 views

EUVD-2025-208707

Raytha CMS allows an attacker to spoof the X-Forwarded-Host or Host header to an attacker-controlled domain. An attacker who knows the victim's email address can force the server to send an email with a password reset link pointing to the domain from the spoofed header. When the victim clicks the link, the browser...

CVSS 8.8 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 3
CNNVD
added 2026/03/16 12:00 a.m., 3 views

Raytha CMS security vulnerability

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained security vulnerabilities. These vulnerabilities stemmed from allowing attackers to manipulate the X-Forwarded-Host or Host header to point to a domain controlled by...

CVSS 8.8 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/25 10:16 p.m., 4 views

CVE-2026-27593

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

CVSS 9.3 | AI score 5.5 | EPSS 0.00017
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/24 9:38 p.m., 2 views

CVE-2026-27593

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

CVSS 9.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 7 | Affected Software: 1
Cvelist
added 2026/02/24 9:38 p.m., 16 views

CVE-2026-27593 Statamic is vulnerable to account takeover via password reset link injection

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

CVSS 9.3 | EPSS 0.00017
Exploits: 0 | References: 6
CNNVD
added 2026/02/24 12:00 a.m., 3 views

Statamic authorization vulnerability

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows for storing all content, templates, assets, and settings in files rather than in a database. Versions of Statamic prior to 6.3.3 and 5.73.10 contained authorization vulnerabilities due to defects in the password...

CVSS 9.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 6
Positive Technologies
added 2026/02/24 12:00 a.m., 4 views

PT-2026-21809

Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 6.3.3; Statamic versions prior to 5.73.10. Description: An attacker can exploit a flaw in the password reset functionality to obtain a user's token and subsequently reset their password. The attacker requires the emai...

CVSS 9.3 | AI score 5.3 | EPSS 0.00017
Exploits: 0 | References: 22
GithubExploit
added 2025/12/24 9:25 p.m., 177 views

Exploit for Session Fixation in Ollama

CVE-2025-51471 - Ollama Cross-Domain Token Exposure PoC !CVE...

CVSS 6.9 | AI score 7 | EPSS 0.00056
Exploits: 2
EUVD
added 2025/12/09 6:30 p.m., 1 view

EUVD-2025-201926

A vulnerability has been identified in Gridscale X Prepay All versions V4.2.1. The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid user sessions...

CVSS 6.3 | AI score 6.5 | EPSS 0.00037
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-2079

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.5 | EPSS 0.00094
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/23 7:13 a.m., 4 views

CVE-2024-53983

The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability is identified in the Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The vulnerability allows an...

CVSS 5.4 | AI score 5.8 | EPSS 0.00153
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 4:06 a.m., 4 views

CVE-2023-37957

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token...

CVSS 8.8 | AI score 6.7 | EPSS 0.00094
Exploits: 0
OSV
added 2023/07/12 4:15 p.m., 1 view

CVE-2023-37957

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token...

CVSS 8.8 | AI score 5.7 | EPSS 0.00094
Exploits: 0 | References: 2
CNNVD
added 2022/05/10 12:00 a.m., 1 view

Multiple Siemens products code issue vulnerability

Desigo DXR2 controllers are programmable automation stations that support the standard control needs of end HVAC equipment and TRA (Total Room Automation) applications. The Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

CVSS 9.1 | AI score 8.2 | EPSS 0.00253
Exploits: 0 | References: 5
CNNVD
added 2022/01/18 12:00 a.m., 3 views

Umbraco environment issue vulnerability

Umbraco is an open source content management system (CMS) written in C by Umbraco, Denmark. The Umbraco CMS is vulnerable to an environmental issue that could allow an attacker to change the URL that a user receives when resetting their password to point to the attacker's server, and when the user...

CVSS 8.6 | AI score 7.5 | EPSS 0.00303
Exploits: 2 | References: 2
0day.today
added 2018/02/20 12:00 a.m., 44 views

Microsoft Windows - Constrained Impersonation Capability Privilege Escalation Exploit

Exploit for Windows platform in category local exploits. Windows: Constrained Impersonation Capability EoP. Platform: Windows 10 1703/1709 (not tested on earlier versions). Class: Elevation of Privilege. Summary: It's possible to use the constrained impersonation capability added in Windows 10 to...

AI score 7 | EPSS 0.0161
Exploits: 3
securityvulns
added 2012/05/01 12:00 a.m., 76 views

NGS00137 Technical Advisory: Websense Triton 7.6 - reflected XSS in report management UI

======= Summary =======
Name: Websense Triton 7.6 reflected XSS in report management UI
Release Date: 30 April 2012
Reference: NGS00137
Discoverer: Ben Williams [email protected]
Vendor: Websense
Vendor Reference:
Systems Affected:
Risk: Medium
Status: Fixed
======== TimeLine ========...

AI score 6.6
Exploits: 0