18 matches found
Deserialization of Untrusted Data
Overview: kedro helps you build production-ready data and analytics pipelines. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the logging.config.dictConfig function when user-controlled input is used for the logging configuration file path, whic...
GHSA-6326-W46W-PPJW Kedro: Path Traversal in versioned dataset loading via unsanitized version string
Impact: The _get_versioned_path method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...
EUVD-2026-12224
A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of...
PT-2026-25549
A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of...
Use of Hard-coded Cryptographic Key
Overview: @frangoteam/fuxa is web-based Process Visualization (SCADA/HMI/Dashboard) software. Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the authentication process when a static fallback JWT signing secret is used if no custom secret is configured. An...
Command Injection
Overview: blackboard-core is a Python SDK implementing the Blackboard Pattern for LLM-powered multi-agent systems. Affected versions of this package are vulnerable to Command Injection due to unsafe host-level execution being reachable without a hard security gate or explicit acknowledgment. An...
CVE-2025-67745
CVE-2025-67745 affects the MyHoard daemon for MySQL backups. In versions prior to 1.3.0, logs may include the full backup information including the encryption key, enabling potential disclosure. Version 1.3.0 fixes the issue. A workaround is to direct logs to /dev/null. Affected software is MyHoa...
PT-2025-34903 · Rails +1 · Rails +1
Name of the Vulnerable Software and Affected Versions: Basecamp Google Sign-In versions prior to 1.3.0 Description: A malformed URL can bypass the "same origin" check, potentially redirecting users to an unintended origin. This issue affects Rails applications using the library and storing flash...
Linux Distros Unpatched Vulnerability : CVE-2024-51491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during...
Missing Authentication for Critical Function
Overview: langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Missing Authentication for Critical Function at the /api/v1/validate/code endpoint, which allows an attacker to execute arbitrary code by sending malicious HTTP requests...
CVE-2024-51491
notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...
UBUNTU-CVE-2024-51491
notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...
PT-2024-21839 · Apache · Apache Hugegraph-Server
Name of the Vulnerable Software and Affected Versions: Apache HugeGraph-Server versions 1.0.0 through 1.2.x Description: The issue is related to an Authentication Bypass by Spoofing. Users are recommended to upgrade to a newer version to fix the issue. Recommendations: For Apache HugeGraph-Server...
PT-2024-1462 · Apache · Apache Iotdb
Name of the Vulnerable Software and Affected Versions: Apache IoTDB versions 1.0.0 through 1.2.2 Description: The issue is a Remote Code Execution vulnerability in Apache IoTDB, which exists due to insufficient input validation. This allows a remote attacker to execute arbitrary code. Users are...
PT-2023-27903 · Unknown · Matrix Media Repo
Name of the Vulnerable Software and Affected Versions: matrix-media-repo versions prior to 1.3.0 Description: The issue allows an attacker to upload malicious media to the media repository, which is then served with Content-Disposition: inline upon download. This can be leveraged to execute scrip...
PT-2022-5283 · Apache +1 · Apache Linkis +1
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.2.0 and earlier Description: A deserialization vulnerability exists in Apache Linkis when used with the MySQL Connector/J, potentially allowing remote code execution if an attacker has write access to a database and...
PT-2022-8903 · Js-Ini · Js-Ini
Name of the Vulnerable Software and Affected Versions: js-ini versions prior to 1.3.0 Description: The issue arises when an attacker submits a malicious INI file to an application that uses the parse function to parse it. This can lead to prototype pollution on the application, which can be furth...
Arbitrary Code Execution
Overview: grunt is a JavaScript task runner. Affected versions of this package are vulnerable to Arbitrary Code Execution due to the default usage of the function load instead of its secure replacement safeLoad of the package js-yaml inside grunt.file.readYAML. Remediation: Upgrade grunt to version...