24 matches found

ATTACKERKB
added 2026/03/30 9:43 p.m. · 1 views

CVE-2026-32794

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials exfiltrated w/o...

5.9 AI score · 0.00025 EPSS
Exploits 1 · References 3 · Affected Software 1

Packet Storm
added 2026/02/05 12:0 a.m. · 147 views

Ingress-NGINX Admission Controller 1.11.1 Remote Code Execution

Ingress-NGINX Admission Controller version 1.11.1 remote code execution proof of concept exploit that chains together multiple vulnerabilities. Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage:...

9.8 CVSS · 6.4 AI score · 0.91918 EPSS
Exploits 21

Exploit DB
added 2026/02/04 12:0 a.m. · 128 views

Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE

Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://kubernetes.io Software Link: https://github.com/kubernetes/ingress-nginx Version: Affects v1.10.0 to v1.11.1 potentially others Tested o...

9.8 CVSS · 7 AI score · 0.91918 EPSS
Exploits 21

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-5278

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.00748 EPSS
Exploits 0 · References 11

Tenable Nessus
added 2025/08/30 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-49606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigg...

9.8 CVSS · 6.4 AI score · 0.79606 EPSS
Exploits 2 · References 2

Patchstack
added 2025/08/19 6:6 a.m. · 4 views

WordPress DetailX theme <= 1.10.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme DetailX versions <= 1.10.0...

8.1 CVSS · 7 AI score · 0.0011 EPSS
Exploits 0 · Affected Software 1

vulnersOsv
added 2025/05/16 5:28 p.m. · 1 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +249 more potentially affected by CVE-2025-32962 via flask-appbuilder (>=1.10.0 <=4.5.4)

flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.1.0a7 and more Source cves: CVE-2025-32962 Source advisory: OSV:GHSA-99PM-CH96-CCP2...

6.1 CVSS · 5.4 AI score · 0.00198 EPSS
Exploits 0

vulnersOsv
added 2025/04/17 6:31 p.m. · 3 views

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2024-55238 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.8)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2024-55238 Source advisory: SNYK:JAVA-ORGOPENMETADATA-9833967...

8.8 CVSS · 5.8 AI score · 0.00181 EPSS
Exploits 1

vulnersOsv
added 2025/03/03 4:15 p.m. · 3 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.11.0rc1) +156 more potentially affected by CVE-2025-24023 via flask-appbuilder (>=1.10.0 <=4.5.2)

flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.11 and more Source cves: CVE-2025-24023 Source advisory: OSV:PYSEC-2025-15...

5.3 CVSS · 5.8 AI score · 0.00504 EPSS
Exploits 0

OSV
added 2025/02/05 11:15 p.m. · 2 views

CVE-2024-56471

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4 CVSS · 5.8 AI score · 0.00067 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/02/05 12:0 a.m. · 3 views

PT-2025-5778 · Ibm · Ibm Aspera Shares

Name of the Vulnerable Software and Affected Versions: IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 Description: This issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure withi...

4.8 CVSS · 6.9 AI score · 0.00127 EPSS
Exploits 0 · References 6

vulnersOsv
added 2024/11/29 10:5 a.m. · 4 views

@1kit/react (>=0.0.74 <=0.0.149), @1kit/ui (>=0.0.14 <=0.0.90) +763 more potentially affected by CVE-2025-3191 via react-draft-wysiwyg (>=1.10.0 <=1.15.0)

react-draft-wysiwyg NPM version =1.10.0, =0.0.74, =0.0.14, =1.0.7, =0.2.2, =1.0.0, =0.0.5, =0.1.2, =1.0.2, =1.0.0, =0.0.1, =1.0.2, =2.0.54, =2.3.26 and more Source cves: CVE-2025-3191 Source advisory: SNYK:JS-REACTDRAFTWYSIWYG-8515884...

6.1 CVSS · 5.4 AI score · 0.00506 EPSS
Exploits 0

CNNVD
added 2024/07/11 12:0 a.m. · 1 views

HashiCorp Vault and HashiCorp Vault Enterprise Security Vulnerabilities

HashiCorp Vault and HashiCorp Vault Enterprise are both products of HashiCorp, Inc. of the U.S. HashiCorp Vault is a private key access management tool. HashiCorp Vault Enterprise is an enterprise information archiving platform. Captures information across all communication platforms - seamlessly...

7.5 CVSS · 6.3 AI score · 0.00396 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/10/06 12:0 a.m. · 3 views

PT-2023-27537 · Cluevo · Cluevo Lms

Name of the Vulnerable Software and Affected Versions: CLUEVO CLUEVO LMS, E-Learning Platform plugin versions = 1.10.0 Description: A Cross-Site Request Forgery (CSRF) issue affects the CLUEVO CLUEVO LMS, E-Learning Platform plugin. This issue allows an attacker to perform unintended actions on a...

8.8 CVSS · 8.9 AI score · 0.0007 EPSS
Exploits 0 · References 6

vulnersOsv
added 2022/05/14 3:47 a.m. · 3 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-12622 via org.apache.geode:geode-core (>=1.10.0 <=1.2.1)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-12622 Source advisory: OSV:GHSA-H22R-H77W-2G5F...

7.1 CVSS · 7.1 AI score · 0.00076 EPSS
Exploits 3

vulnersOsv
added 2022/05/14 3:35 a.m. · 1 views

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-15692 via org.apache.geode:geode-core (>=1.10.0 <=1.3.0)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.16.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-15692 Source advisory: OSV:GHSA-W395-HPQ9-7XWR...

9.8 CVSS · 7.8 AI score · 0.0466 EPSS
Exploits 0

OSV
added 2022/04/12 6:15 p.m. · 1 views

AZL-9368 CVE-2022-24070 affecting package subversion for versions less than 1.14.2-1

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

7.5 CVSS · 6.8 AI score · 0.0161 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2022/04/12 6:15 p.m. · 3 views

CVE-2022-24070

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

7.5 CVSS · 5.3 AI score · 0.0161 EPSS
Exploits 0 · References 11 · Affected Software 1

vulnersOsv
added 2021/12/09 7:9 p.m. · 0 views

aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +113 more potentially affected by CVE-2021-41265 via flask-appbuilder (>=1.10.0 <=3.3.0)

flask-appbuilder PYPI version =1.10.0, =0.1.0rc3, =0.1.0, =2022.9.19, =1.0.7, =0.5.1, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.1.6, =0.0.2, =1.0.0, =1.10.0, =1.10.3, =2.0.1rc2 and more Source cves: CVE-2021-41265 Source advisory: OSV:GHSA-M3RF-7M4W-R66Q...

8.8 CVSS · 7.2 AI score · 0.00328 EPSS
Exploits 0

Elastic
added 2021/11/18 5:41 p.m. · 7 views

APM Java Agent Security Update

APM Java Agent Local Privilege Escalation issue ESA-2021-29 A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account...

7.8 CVSS · 7.1 AI score · 0.00033 EPSS
Exploits 0