
63 matches found

Github Security Blog
added 2026/06/17 6:7 p.m., 10 views

Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join

Summary: A cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events. Impact: The notification gateway's JWT handshake joined a...

CVSS 6.5, AI score 5.3, EPSS 0.00275
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2026/06/04 12:0 a.m., 11 views

PT-2026-46840

Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions 32 through 35.0.1. Description: An unauthenticated malicious user can cause a service crash by submitting a crafted JSON string to certain endpoints on the API or JSON-RPC service. Recommendations: Update OpenStack Ironi...

CVSS 7.5, AI score 5.5, EPSS 0.00351
Exploits 0, References 14
Positive Technologies
added 2026/05/26 12:0 a.m., 11 views

PT-2026-43276

Name of the Vulnerable Software and Affected Versions: FastNetMon Community Edition versions prior to 1.2.10. Description: The software exposes a gRPC API server on port 50052 that lacks an authentication mechanism. The server is initialized using grpc::InsecureServerCredentials, allowing any user...

CVSS 8.1, AI score 6.1, EPSS 0.00233
Exploits 0, References 6
Tenable Nessus
added 2026/03/27 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL...

CVSS 8.7, AI score 6.2, EPSS 0.0024
Exploits 0, References 3
EUVD
added 2026/03/10 5:6 p.m., 6 views

EUVD-2026-10703

OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated unlike the verify endpoint. This affects the...

CVSS 5.3, AI score 5.8, EPSS 0.00371
Exploits 1, References 2
Positive Technologies
added 2026/03/05 12:0 a.m., 7 views

PT-2026-23615

Name of the Vulnerable Software and Affected Versions: OliveTin versions prior to 3000.11.1. Description: OliveTin allows access to predefined shell commands from a web interface. A flaw exists in the RestartAction functionality where a low-privileged authenticated user can execute actions they are...

CVSS 9.9, AI score 6.2, EPSS 0.22162
Exploits 68, References 139
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-4669

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.00696
Exploits 0, References 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-0242

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.02005
Exploits 1, References 6
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2012-4023

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.01218
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-26491

Malware in sbrugna...

CVSS 7.8, AI score 7.6, EPSS 0.00425
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 18 views

EUVD-2021-22930

Malware in sbrugna...

CVSS 6.8, AI score 5.1, EPSS 0.00813
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-8872

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.7, EPSS 0.00832
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 21 views

EUVD-2022-4032

Malicious code in bioql PyPI...

CVSS 7.7, AI score 7.7, EPSS 0.01936
Exploits 0, References 12
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-48495

Malicious code in bioql PyPI...

CVSS 7.8, AI score 5.5, EPSS 0.00343
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-48494

Malicious code in bioql PyPI...

CVSS 8.1, AI score 7, EPSS 0.02016
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-48492

Malicious code in bioql PyPI...

CVSS 8.1, AI score 7, EPSS 0.01619
Exploits 0, References 2
Cvelist
added 2025/07/11 9:22 a.m., 23 views

CVE-2025-3933 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

CVSS 5.3, EPSS 0.00435
Exploits 1, References 2
CNNVD
added 2025/04/02 12:0 a.m., 4 views

Zabbix SQL injection vulnerability

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from SQL injection in the API service, which could lead to execution of arbitrary SQ...

CVSS 8.8, AI score 8.3, EPSS 0.23028
Exploits 0, References 2
vulnersOsv
added 2025/03/20 12:32 p.m., 2 views

ai-dynamo (>=0.1.0 <=0.3.0), bento-sgl-router (>=0.0.1 <=0.0.6) +32 more potentially affected by CVE-2024-9056 via bentoml (>=0.10.1 <=1.4.8)

bentoml PYPI version =0.10.1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.2.3, =0.1.0, =0.0.1, =0.0.10, =0.1.0, =0.2.0, =0.0.5, =0.1.1 - fusionmllib =0.1.0 - kazemlstack =0.1.0 and more Source cves: CVE-2024-9056 Source advisory: SNYK:PYTHON-BENTOML-9508724...

CVSS 7.5, AI score 7.1, EPSS 0.00664
Exploits 0
OSV
added 2024/08/21 4:15 p.m., 2 views

CVE-2024-7603

Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The...

CVSS 8.1, AI score 5.9, EPSS 0.02016
Exploits 0, References 2