56372 matches found

RedhatCVE
added 2026/05/21 10:48 a.m., 6 views

CVE-2026-2734

A flaw was found in mlflow. An authenticated user could exploit a lack of proper authorization checks in the SearchModelVersions REST API and mlflowSearchModelVersions GraphQL query. This flaw allows them to enumerate all model versions across all registered models, potentially exposing sensitive...

CVSS 6.5 | AI score 6.5 | EPSS 0.00023
Exploits 1 | References 5
GithubExploit
added 2026/05/21 10:42 a.m., 198 views

Exploit for CVE-2026-9082

CVE-2026-9082: Drupal Core PostgreSQL SQL Injection PoC...

CVSS 6.5 | AI score 6.2 | EPSS 0.07937
Exploits 11
NVD
added 2026/05/21 9:16 a.m., 11 views

CVE-2026-4858

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check the integration URL for path traversal, which allows a malicious authenticated user to call an arbitrary API with the system admin's Mattermost auth token via path traversal in the integration action...

CVSS 9.9 | EPSS 0.00046
Exploits 0 | References 1
OSV
added 2026/05/21 8:32 a.m., 3 views

MAL-2026-4588 Malicious code in ionic-insta-api-wrapper (npm)

Source: amazon-inspector 02b21f843420dc38a87320830c9f9bd48d72a2938774100b1ee08a2db708abbc. ionic-insta-api-wrapper is presented as an Instagram API client, but its advertised login API silently relays caller-supplied credentials and session...

AI score 6
Exploits 0 | References 1
RedhatCVE
added 2026/05/21 8:29 a.m., 5 views

CVE-2026-9100

A flaw was found in the MongoDB C Driver's legacy GridFS API. This vulnerability allows an attacker to craft malicious documents in a GridFS collection. When an application reads these crafted files via the legacy API, it may either crash due to a division-by-zero error, leading to a Denial of...

CVSS 6 | AI score 5.6 | EPSS 0.00073
Exploits 0 | References 2
CVE
added 2026/05/21 8:12 a.m., 11 views

CVE-2026-4858

Mattermost CVE-2026-4858 affects versions 11.6.x, 11.5.x, 11.4.x and 10.11.x, where the integration action URL is not properly validated against path traversal. This allows a malicious authenticated user to call an arbitrary API using the system admin Mattermost token by exploiting the path traversal in ...

CVSS 9.9 | AI score 5.9 | EPSS 0.00046
Exploits 0 | References 1 | Affected Software 1
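The two CVE-2026-4858 entries above describe the same failure: a server that forwards requests with a privileged token accepts a caller-influenced integration URL without normalising it, so `..` segments turn an outbound call into a call against the server's own API. The following is an added example, not Mattermost's code, of the two checks such a forwarder needs: a relative action path must stay under its configured base path after percent-decoding and normalisation, and the final target must never be the server's own API prefix. The function names, the `/plugins/hook/` base path, the `/api/v4/` prefix and the origins are assumptions made for this example.

```python
# Added example; not Mattermost's code. Function names, base paths, the API prefix
# and the origins below are assumptions made for illustration.
import posixpath
from typing import Optional
from urllib.parse import unquote, urlsplit


def fully_decode(s: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded '..' (%252e%252e) is caught."""
    for _ in range(rounds):
        nxt = unquote(s)
        if nxt == s:
            break
        s = nxt
    return s


def safe_join_path(base_path: str, user_path: str) -> Optional[str]:
    """Join user_path under base_path; return None if the result escapes base_path."""
    if not base_path.endswith("/"):
        base_path += "/"
    decoded = fully_decode(user_path).replace("\\", "/")  # backslash counts as a separator
    joined = posixpath.normpath(base_path + decoded.lstrip("/"))
    if joined == base_path.rstrip("/") or joined.startswith(base_path):
        return joined
    return None  # '..' segments, plain or encoded, climbed above base_path


def is_safe_integration_target(url: str, server_origin: str, api_prefix: str = "/api/v4/") -> bool:
    """Assumed policy: integrations may be called on any http(s) host, but never on
    this server's own API, where the forwarded admin token would be accepted."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    path = posixpath.normpath(fully_decode(parts.path) or "/")
    own_server = f"{parts.scheme}://{parts.netloc}".lower() == server_origin.lower()
    prefix = api_prefix.rstrip("/")
    if own_server and (path == prefix or path.startswith(prefix + "/")):
        return False
    return True


if __name__ == "__main__":
    print(safe_join_path("/plugins/hook/", "actions/run"))         # /plugins/hook/actions/run
    print(safe_join_path("/plugins/hook/", "../../api/v4/users"))  # None
    print(is_safe_integration_target(
        "https://mm.example.com/plugins/x/../../api/v4/users/me",
        "https://mm.example.com"))                                 # False
```

Decoding before normalising matters: `%2e%2e%2f` and `%252e%252e%2f` are both plain `../` by the time a proxy or filesystem sees them, so a check that runs on the raw string passes them through. The prefix comparison uses `prefix + "/"` so that `/api/v4x/...` is not mistaken for the protected `/api/v4/` tree.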
NCSC
added 2026/05/21 7:55 a.m., 8 views

Flattening of vulnerability issues within the Drupal core

Drupal has identified a vulnerability in Drupal core versions starting from 8.9.0, specifically in versions 10.x and 11.x. The vulnerability is an SQL injection in Drupal's database abstraction API. As a result, unauthorized malicious actors can perform arbitrary SQL injection on sites...

CVSS 9.8 | AI score 6.2 | EPSS 0.07937
Exploits 11 | References 1
Cvelist
added 2026/05/21 7:13 a.m., 35 views

CVE-2026-4055 Insufficient permission validation on cross-team playbook run creation

Mattermost versions 11.5.x <= 11.5.1 fail to validate the team-level runcreate permission against the target team when creating a playbook run, which allows an authenticated team member to create runs in teams where they lack permission by specifying a different team ID in the run creation API request...

CVSS 4.3 | EPSS 0.00031
Exploits 0 | References 1
OSV
added 2026/05/21 6:39 a.m., 2 views

MAL-2026-4696 Malicious code in turing-sdk (npm)

Source: amazon-inspector 01af0d34d23b6ed4e61390a21baec8c1bb81080c04945293a7e4ba8d20277ca6. package.json declares turing-code as an HTTPS tarball dependency at https://turing.tap365.org/v1.1.2/turing-code-1.1.2.tgz, bypassing the npm registr...

AI score 5.9
Exploits 0 | References 1
OSSF Malicious Packages
added 2026/05/21 6:39 a.m., 6 views

Malicious code in turing-sdk (npm)

Source: amazon-inspector 01af0d34d23b6ed4e61390a21baec8c1bb81080c04945293a7e4ba8d20277ca6. package.json declares turing-code as an HTTPS tarball dependency at https://turing.tap365.org/v1.1.2/turing-code-1.1.2.tgz, bypassing the npm registr...

AI score 5.9
Exploits 0 | References 1
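Both turing-sdk entries (OSV MAL-2026-4696 and the OSSF record above) point at the same supply-chain pattern: a dependency whose specifier is an HTTPS tarball URL is fetched from an arbitrary host and never passes through the registry's scanning or provenance. The check below is an added example, not code from the package, npm or either database, that parses a package.json and flags every dependency specifier that resolves outside the npm registry, covering remote tarballs, git URLs, local paths and `owner/repo` GitHub shorthand in addition to the URL form seen here. The classification rules, section list and sample manifest are this example's own assumptions; the turing-code URL in the sample is the one quoted in the reports.

```python
# Added example; not the package's, npm's or the databases' code. The rules,
# section names and the constructed manifest below are assumptions for illustration.
import json
from typing import List, Tuple

DEP_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies")

URL_PREFIXES = ("http://", "https://")
GIT_PREFIXES = ("git://", "git+", "github:", "gitlab:", "bitbucket:", "gist:")
LOCAL_PREFIXES = ("file:", "link:")


def classify_spec(spec: str) -> str:
    """Return 'registry' or a short reason why the specifier bypasses the registry."""
    s = spec.strip()
    if s.startswith(URL_PREFIXES):
        return "remote tarball URL"
    if s.startswith(GIT_PREFIXES):
        return "git dependency"
    if s.startswith(LOCAL_PREFIXES):
        return "local path"
    if s.startswith(("npm:", "workspace:")):
        return "registry"  # alias or monorepo workspace; still resolved via the registry
    if "/" in s:
        return "github shorthand (owner/repo)"
    return "registry"  # semver range, exact version, dist-tag or '*'


def find_non_registry_deps(package_json_text: str) -> List[Tuple[str, str, str, str]]:
    """Return (section, name, spec, reason) for every dependency not served by the registry."""
    manifest = json.loads(package_json_text)
    findings = []
    for section in DEP_SECTIONS:
        for name, spec in manifest.get(section, {}).items():
            reason = classify_spec(str(spec))
            if reason != "registry":
                findings.append((section, name, str(spec), reason))
    return findings


# Constructed manifest (not a real project); the turing-code URL is the one in the report.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-app",
    "version": "1.0.0",
    "dependencies": {
        "lodash": "^4.17.21",
        "turing-code": "https://turing.tap365.org/v1.1.2/turing-code-1.1.2.tgz",
        "left-pad": "file:../left-pad",
        "some-tool": "someuser/some-tool#main",
    },
    "devDependencies": {
        "typescript": "~5.4.0",
        "internal-lint": "git+ssh://git@github.com/example/internal-lint.git",
    },
})


if __name__ == "__main__":
    for section, name, spec, reason in find_non_registry_deps(SAMPLE_PACKAGE_JSON):
        print(f"{section}: {name} -> {spec}  [{reason}]")
```

Run the same classification over the `resolved` fields of package-lock.json as well, since a transitive dependency can carry a tarball URL that never appears in the top-level manifest; a finding there is what a registry-only policy (for example a private proxy that rejects off-registry `resolved` URLs) should block at install time.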
CVE
added 2026/05/21 3:49 a.m., 13 views

CVE-2026-2734

Summary: For mlflow/mlflow up to version 3.9.0, the REST endpoint GET /api/2.0/mlflow/model-versions/search and the GraphQL query mlflowSearchModelVersions lack per-model authorization when basic auth is enabled. This results in any authenticated user being able to enumerate all model versions a...

CVSS 6.5 | AI score 6.5 | EPSS 0.00023
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2026/05/21 3:49 a.m., 36 views

CVE-2026-2734 Authorization Bypass in SearchModelVersions in mlflow/mlflow

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

CVSS 6.5 | EPSS 0.00023
Exploits 1 | References 2
OSV
added 2026/05/21 1:32 a.m., 5 views

MAL-2026-4558 Malicious code in fastgrc-openclaw (npm)

Source: amazon-inspector 158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce. The package is an AI agent policy-check plugin. When a consumer does not configure their own API key, resolveApiKey returns a hardcoded BUNDLEDAPIKEY...

AI score 5.8
Exploits 0 | References 1
GithubExploit
added 2026/05/21 12:10 a.m., 27 views

autopenx

AutoPenX: a fully automated CTF-solving & penetration testing...

AI score 6
Exploits 0
Positive Technologies
added 2026/05/21 12:00 a.m., 5 views

PT-2026-42533

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process ajax restore action function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access a...

CVSS 4.3 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 3
Positive Technologies
added 2026/05/21 12:00 a.m., 9 views

PT-2026-42395

Vulnerable software and affected versions: mlflow/mlflow versions prior to 3.10.0. Description: When basic authentication is enabled, the 'SearchModelVersions' REST API endpoint and the 'mlflowSearchModelVersions' GraphQL query lack proper per-model authorization checks. This allows any...

CVSS 6.5 | AI score 6.6 | EPSS 0.00023
Exploits 1 | References 10
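The CVE-2026-2734 entries on this page (RedhatCVE, CVE, Cvelist and PT-2026-42395) all describe one missing step: a cross-model search that returns every version without asking, per result, whether the caller may read that registered model. The code below is an added example, not mlflow's code, showing the flawed shape beside a version that filters each result by a per-model permission before pagination, so that page sizes and offsets do not reveal how many hidden versions exist. The permission level names (NO_PERMISSIONS, READ, EDIT, MANAGE) and the server-wide default are the ones mlflow's basic-auth documentation uses; the store class, function names and the sample registry are assumptions made for this example.

```python
# Added example; not mlflow's code. The permission store, function names and the
# constructed registry are assumptions; only the level names follow mlflow's docs.
from dataclasses import dataclass
from typing import Dict, List, Tuple

LEVELS = {"NO_PERMISSIONS": 0, "READ": 1, "EDIT": 2, "MANAGE": 3}


@dataclass(frozen=True)
class ModelVersion:
    name: str      # registered model name
    version: int
    source: str    # artifact URI: the detail that leaks when authorization is skipped


class ModelPermissionStore:
    """Per-(user, registered model) permission with a server-wide default level."""

    def __init__(self, default_permission: str = "READ") -> None:
        self.default = default_permission
        self._grants: Dict[Tuple[str, str], str] = {}

    def grant(self, user: str, model_name: str, permission: str) -> None:
        self._grants[(user, model_name)] = permission

    def permission_for(self, user: str, model_name: str) -> str:
        return self._grants.get((user, model_name), self.default)

    def can_read(self, user: str, model_name: str) -> bool:
        return LEVELS[self.permission_for(user, model_name)] >= LEVELS["READ"]


def search_model_versions_unauthorized(versions: List[ModelVersion],
                                       max_results: int = 100, page: int = 0) -> List[ModelVersion]:
    """The flawed shape: any authenticated caller gets every model's versions."""
    start = page * max_results
    return versions[start:start + max_results]


def search_model_versions(versions: List[ModelVersion], perms: ModelPermissionStore, user: str,
                          max_results: int = 100, page: int = 0) -> List[ModelVersion]:
    """Filter by per-model READ permission first, then paginate the visible set."""
    visible = [mv for mv in versions if perms.can_read(user, mv.name)]
    start = page * max_results
    return visible[start:start + max_results]


# Constructed sample registry and grants (not real data).
REGISTRY = [
    ModelVersion("fraud-detector", 1, "s3://models/fraud/1"),
    ModelVersion("fraud-detector", 2, "s3://models/fraud/2"),
    ModelVersion("churn", 1, "s3://models/churn/1"),
    ModelVersion("internal-llm", 1, "s3://models/secret/1"),
]

PERMS = ModelPermissionStore(default_permission="READ")
PERMS.grant("alice", "internal-llm", "NO_PERMISSIONS")
PERMS.grant("bob", "internal-llm", "MANAGE")


if __name__ == "__main__":
    print([mv.name for mv in search_model_versions_unauthorized(REGISTRY)])
    print([mv.name for mv in search_model_versions(REGISTRY, PERMS, "alice")])
```

Filtering inside the search handler rather than only in the per-model `get` endpoint is the point: a list endpoint is where enumeration happens, and a default permission of READ means any model that must stay private needs an explicit NO_PERMISSIONS grant for users who should not see it.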
Positive Technologies
added 2026/05/21 12:00 a.m., 7 views

PT-2026-42525

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false and not setting CURLOPT_SSL_VERIFYHOST for the general-purpose outbound HTTPS requests issued by the shared helper functions...

CVSS 8.2 | AI score 5.9 | EPSS 0.00022
Exploits 0 | References 4
Positive Technologies
added 2026/05/21 12:00 a.m., 6 views

PT-2026-42680

Summary: Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details: The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

CVSS 2.3 | AI score 5.7
Exploits 0 | References 3
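The PT-2026-42680 entry describes a revocation gap rather than a parsing bug: the database row is gone, but the cache that fronts it is keyed by token value and nobody evicts that key, so the token keeps working for the rest of its TTL. The following is an added example, not the affected project's code, of an auth cache with the flawed delete path beside the fixed one, driven by a fake clock so the TTL window can be stepped. The class names, the 300-second TTL and the hashed cache key are assumptions made for this example.

```python
# Added example; not the affected project's code. Class names, the TTL, the hashed
# key and the fake clock are assumptions made for illustration.
import hashlib
import time
from typing import Callable, Dict, Optional, Tuple


def cache_key(token: str) -> str:
    """Key the cache by a digest so the raw token is never held as a dict key."""
    return hashlib.sha256(token.encode()).hexdigest()


class AuthCache:
    def __init__(self, ttl_seconds: float, clock: Callable[[], float] = time.monotonic) -> None:
        self.ttl = ttl_seconds
        self.clock = clock
        self._entries: Dict[str, Tuple[str, float]] = {}  # key -> (user_id, expires_at)

    def get(self, token: str) -> Optional[str]:
        key = cache_key(token)
        entry = self._entries.get(key)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self.clock() >= expires_at:
            self._entries.pop(key, None)  # TTL expiry: the only eviction the flawed path relied on
            return None
        return user_id

    def put(self, token: str, user_id: str) -> None:
        self._entries[cache_key(token)] = (user_id, self.clock() + self.ttl)

    def evict(self, token: str) -> None:
        self._entries.pop(cache_key(token), None)


class TokenService:
    def __init__(self, cache: AuthCache) -> None:
        self.cache = cache
        self._rows: Dict[str, str] = {}  # stand-in for the api_tokens table: key -> user_id

    def create(self, token: str, user_id: str) -> None:
        self._rows[cache_key(token)] = user_id

    def authenticate(self, token: str) -> Optional[str]:
        user_id = self.cache.get(token)
        if user_id is None:
            user_id = self._rows.get(cache_key(token))
            if user_id is not None:
                self.cache.put(token, user_id)
        return user_id

    def delete_token_flawed(self, token: str) -> None:
        """Removes the row only; a warm cache entry keeps authenticating until its TTL runs out."""
        self._rows.pop(cache_key(token), None)

    def delete_token(self, token: str) -> None:
        """Fixed: remove the row and evict the entry keyed by this token value."""
        self._rows.pop(cache_key(token), None)
        self.cache.evict(token)


class FakeClock:
    """Deterministic clock so the TTL window can be stepped in a test."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def demo() -> dict:
    """Exercise both delete paths against a warmed cache; returns what each still accepts."""
    clock = FakeClock()
    svc = TokenService(AuthCache(ttl_seconds=300, clock=clock))
    svc.create("tok-alice", "alice")
    svc.create("tok-bob", "bob")
    svc.authenticate("tok-alice")  # warm the cache for both tokens
    svc.authenticate("tok-bob")
    svc.delete_token_flawed("tok-alice")
    svc.delete_token("tok-bob")
    result = {
        "flawed_right_after_delete": svc.authenticate("tok-alice"),
        "fixed_right_after_delete": svc.authenticate("tok-bob"),
    }
    clock.now = 301.0
    result["flawed_after_ttl"] = svc.authenticate("tok-alice")
    return result


if __name__ == "__main__":
    print(demo())  # {'flawed_right_after_delete': 'alice', 'fixed_right_after_delete': None, 'flawed_after_ttl': None}
```

The eviction has to use the same key the lookup uses (here the digest of the token value); deleting by token id or by user id leaves the value-keyed entry in place, which is exactly the gap the advisory describes. In a multi-node deployment the evict call must also reach every node's cache, or a revoked token lives on wherever it was last seen.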
CNNVD
added 2026/05/21 12:00 a.m., 5 views

Tickets trust management vulnerability

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contain a trust management vulnerability, which stems from a hardcoded WhitePages reverse-phone API key in the wp1.php file, which...

CVSS 6.9 | AI score 5.9 | EPSS 0.00037
Exploits 0 | References 1
CNNVD
added 2026/05/21 12:00 a.m., 5 views

LiteLLM security vulnerability

LiteLLM is an open-source application developed by Berri AI that exposes any LLM API through the OpenAI-compatible format. Versions of LiteLLM prior to 1.83.14 contain a security vulnerability that stems from a missing check that the allowed_routes field lies within the user's...

CVSS 8.8 | AI score 5.8 | EPSS 0.00051
Exploits 3 | References 1