PT-2026-40272

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

EUVD-2025-7810

Malicious code in bioql PyPI...

CVE-2025-27822

CVE-2025-27822 : Affects Backdrop CMS via the Masquerade module before 1.x-1.0.1. The vulnerability arises because the value of the permission "Masquerade as admin" is not consistently enforced, potentially allowing a user with the "Masquerade as user" permission to masquerade as an administrator...

CVE-2025-27822

An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people who can masquerade from switching to an account with administrative...

CVE-2022-24450

A flaw was found in the NATS nats-server in an experimental feature that provides dynamically provisioned sandbox accounts that do not check the clients’ authorization. This flaw allows an attacker to take advantage of its valid account and switch over to another existing account without further...

Reddit: Email Verification Bypass And Get access to user's private invitation.

Part 2 of my previous report : https://hackerone.com/reports/1225499 I am sending this report again because you closed my previous report. i posed new impact of this vulnerability in my previous report but i didn't get any reply. So i reported it again. First Vulnerability : Email verification...