34 matches found

Positive Technologies
added 2026/05/19 12:0 a.m. · 5 views

PT-2026-41825

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room (private groups, direct messages, channels) by simply providing the target message ID...

CVSS 5.3 · AI score 6.1 · EPSS 0.00028
Exploits 0 · References 2

RedhatCVE
added 2025/11/20 9:37 p.m. · 5 views

CVE-2025-65020

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference (IDOR) vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

CVSS 6.5 · AI score 6.7 · EPSS 0.00053
Exploits 1 · References 1

Positive Technologies
added 2025/11/07 12:0 a.m. · 3 views

PT-2025-45466

Name of the Vulnerable Software and Affected Versions: Onlook web application version 0.2.32. Description: A Broken Object Level Authorization (BOLA) issue exists in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application. The API does not properly validate if the...

CVSS 7.6 · AI score 5.5 · EPSS 0.00095
Exploits 1 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2011-2708

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.00176
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-11791

Malware in sbrugna...

CVSS 8.8 · AI score 8.5 · EPSS 0.00202
Exploits 2 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-11832

Malware in sbrugna...

CVSS 8.5 · AI score 8.6 · EPSS 0.00302
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-51188

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 8.7 · EPSS 0.00156
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-24544

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 6.7 · EPSS 0.00018
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-52748

Malicious code in bioql PyPI...

CVSS 5.7 · AI score 5.8 · EPSS 0.00273
Exploits 0 · References 1

Tenable Nessus
added 2025/08/30 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-20247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromise...

CVSS 7.4 · AI score 7 · EPSS 0.01695
Exploits 1 · References 2

CNVD
added 2025/07/25 12:0 a.m. · 4 views

WeGIA SQL Injection Vulnerability (CNVD-2025-17268)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/funcionario/profiledependente.php endpoint iddependente parameter. An attacker could exploit this...

CVSS 9.4 · AI score 8.2 · EPSS 0.00184
Exploits 1 · References 1

OSV
added 2025/03/11 10:15 p.m. · 4 views

AZL-62432 CVE-2025-27101 affecting package opal 3.10.11-13

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...

CVSS 8.6 · AI score 5.8 · EPSS 0.00157
Exploits 0 · References 1

NVD
added 2025/03/03 4:15 p.m. · 10 views

CVE-2025-25185

GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it...

CVSS 7.5 · EPSS 0.00594
Exploits 1 · References 2

Cvelist
added 2025/02/04 10:17 a.m. · 14 views

CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

EPSS 0.00163
Exploits 0 · References 1

Vulnrichment
added 2025/02/04 10:17 a.m. · 13 views

CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

AI score 5.5 · EPSS 0.00163
Exploits 0 · References 1

Cvelist
added 2025/02/04 9:37 a.m. · 20 views

CVE-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

EPSS 0.00408
Exploits 0 · References 1

Positive Technologies
added 2025/01/27 12:0 a.m. · 2 views

PT-2025-5589 · Apache · Apache Cassandra

Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 4.0.0 through 4.0.15; Apache Cassandra versions 4.1.0 through 4.1.7; Apache Cassandra versions 5.0.0 through 5.0.2. Description: The issue allows users to access a datacenter or IP/CIDR groups they should not be able to...

CVSS 9 · AI score 5.4 · EPSS 0.00163
Exploits 0 · References 16

CNNVD
added 2025/01/21 12:0 a.m. · 1 view

Oracle JD Edwards Products Security Vulnerability

Oracle JD Edwards Products is a fully integrated suite of Enterprise Resource Planning (ERP) applications from Oracle Corporation USA. The products provide application modules for financial management, project management, and asset lifecycle management. A security vulnerability exists in Oracle JD...

CVSS 5.4 · AI score 8 · EPSS 0.00084
Exploits 0 · References 2

CNNVD
added 2024/10/15 12:0 a.m. · 1 view

Oracle PeopleSoft Enterprise PeopleTools Security Vulnerability

Oracle PeopleSoft Enterprise PeopleTools is Oracle's technology for providing PeopleSoft applications with the ability to stay in sync with users' needs and expectations. A security vulnerability exists in Oracle PeopleSoft Enterprise PeopleTools. An attacker could exploit the vulnerability to...

CVSS 8.1 · AI score 8.1 · EPSS 0.01873
Exploits 0 · References 2

SUSE CVE
added 2024/06/04 12:44 p.m. · 1 view

SUSE CVE-2022-23648

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to...

CVSS 5.5 · AI score 7.1 · EPSS 0.06046
Exploits 4 · References 23