PT-2026-48476
Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control. Summary: HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...
PT-2026-42675
Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 2026.04.1. Description: The OAuth token strategy attaches oauth scope and oauth granted resources to the request user, but the ACL (Access Control List) middleware fails to consult these values. Consequently, an OAuth toke...
GHSA-3VJ8-JMXQ-CGJ5 h3 has a middleware bypass with one gadget
H3 NodeRequestUrl bugs. Vulnerable pieces of code (JavaScript): import { H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler } from "h3"; let app = new H3(); const internalOnly = defineHandler((event, next) => { const token = event.headers.get("x-internal-key"); if (token !==...
CVE-2025-57710 Qsync Central
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...
CVE-2020-24686
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and...
EUVD-2018-4293
Malware in sbrugna...
EUVD-2019-13270
Malware in sbrugna...
EUVD-2023-54333
Malicious code in bioql PyPI...
EUVD-2022-2130
Malicious code in bioql PyPI...
EUVD-2024-42217
Malicious code in bioql PyPI...
EUVD-2025-16621
Malicious code in bioql PyPI...
QNAP Qsync Central security vulnerability
QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. An unrestricted resource allocation vulnerability exists in QNAP Qsync Central, which can be exploited by an attacker to...
PT-2025-31940 · Thinkphp3 · Thinkphp3
Name of the Vulnerable Software and Affected Versions: thinkphp3 version 3.2.5 Description: An issue in thinkphp3 allows a remote attacker to execute arbitrary code via the index.php component. This can be achieved through crafted template inclusion, requiring no login. Recommendations: Block...
CVE-2025-48462
Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product...
CVE-2025-48462 Login Session Exhaustion
Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product...
CVE-2022-24797
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This...
CVE-2022-29183
GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing co...
CVE-1999-0087
Denial of service in AIX telnet can freeze a system and prevent users from accessing the server...
CVE-2025-24897
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...
CVE-2024-8772
51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack, allowing an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited...