21 matches found
CVE-2026-50076
Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...
CVE-2026-7400
A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...
PT-2026-35977
A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is path allowed of the file server.py of the component read file tool/write file tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit...
PT-2026-35682
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument file path results in path traversal. The attack may b...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339.
Summary IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when...
Security Bulletin: Astronomer with IBM is vulnerable to unbounded memory allocation due to the axios package (CVE-2025-58754)
Summary Axios is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL wi...
Security Bulletin: Astronomer with IBM is vulnerable to cross-site scripting due to the markdown-it package (CVE-2025-7969)
Summary Markdown-it is used by Astronomer with IBM as part of markdown parsing functionality. Vulnerability Details CVEID:CVE-2025-7969 DESCRIPTION: Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in markdown-it allows Cross-Site Scripting...
Security Bulletin: Astronomer with IBM is vulnerable to resource allocation abuse due to the pdfmake package (CVE-2025-11362)
Summary Pdfmake is used by Astronomer with IBM as part of document processing functionality. Vulnerability Details CVEID:CVE-2025-11362 DESCRIPTION: Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect...
Security Bulletin: Astronomer with IBM is vulnerable to network segmentation abuse due to the moby package (CVE-2025-54410)
Summary Moby is used by Astronomer with IBM as part of container management. Vulnerability Details CVEID:CVE-2025-54410 DESCRIPTION: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream...
Security Bulletin: Astronomer with IBM is vulnerable to session security compromise due to the CIRCL package (CVE-2025-8556)
Summary CIRCL is used by Astronomer with IBM as part of crytographic processing functionality. Vulnerability Details CVEID:CVE-2025-8556 DESCRIPTION: A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via...
Security Bulletin: Astronomer with IBM is vulnerable to uncontrolled recursion due to the Apache Commons Lang package ( CVE-2025-48924)
Summary Apache Commons Lang is used by Astronomer with IBM as part of overall processing. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6...
Security Bulletin: Astronomer with IBM is vulnerable to authorization bypass due to the Kubernetes NodeRestriction functionality (CVE-2025-4563)
Summary Kubernetes is used by Astronomer with IBM as part of overall processing and deployment. Vulnerability Details CVEID:CVE-2025-4563 DESCRIPTION: A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When t...
Security Bulletin: Astronomer with IBM is vulnerable to unrestricted filesystem writes due to the tar-fs package (CVE-2025-48387)
Summary Tar-fs is used by Astronomer with IBM as part of tar file processing. Vulnerability Details CVEID:CVE-2025-48387 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir...
Security Bulletin: Astronomer with IBM is vulnerable to HTTP parameter pollution due to the form-data package (CVE-2025-7783)
Summary Form-data is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program...
EUVD-2025-26205
Malicious code in bioql PyPI...
Intel® AI for Enterprise Retrieval-augmented Generation Software Advisory
Summary: A potential security vulnerability in some Intel® AI for Enterprise Retrieval-augmented Generation software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-24923 Description:...
Linux Distros Unpatched Vulnerability : CVE-2025-7339
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being...
Improper Authorization
Overview PyNinja is a Lightweight OS-agnostic service monitoring API Affected versions of this package are vulnerable to Improper Authorization due to the ability to access the '/monitor' page, which exposes sensitive information. Remediation Upgrade PyNinja to version 1.1.0 or higher. References...
PT-2024-32459 · Unknown · Basic-Auth-Connect
Name of the Vulnerable Software and Affected Versions: basic-auth-connect versions prior to 1.1.0 Description: The issue concerns a timing-unsafe equality comparison in basic-auth-connect that can leak timing information. This comparison can potentially allow an attacker to observe differences in...
PT-2023-23721 · Unknown · Cloudexplorer Lite
Name of the Vulnerable Software and Affected Versions: CloudExplorer Lite versions prior to 1.1.0 Description: The issue concerns a cloud management platform where organization/workspace permissions are not properly checked, allowing users to add themselves to any organization. This has been fixe...