63 matches found
EUVD-2022-27795
Malicious code in bioql PyPI...
EUVD-2023-0233
Malicious code in bioql PyPI...
EUVD-2025-7104
Malicious code in bioql PyPI...
EUVD-2023-2760
Malicious code in bioql PyPI...
EUVD-2025-22102
Malicious code in bioql PyPI...
CVE-2025-27217
A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of the UISP Application's scope...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.1)
The version of AHV installed on the remote host is prior to AHV-10.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.1 advisory. - An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for...
CVE-2024-10363
In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions...
CVE-2024-42472 Flatpak may allow access to files outside sandbox for certain apps
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...
GHSA-X4WF-678H-2PMQ Keras code injection vulnerability
An arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application, using a model that allows arbitrary code execution irrespective of the application...
Integer overflow
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
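The two SpiceDB entries above describe the same failure mode: a chunking helper whose bookkeeping overflows once a resource has more relationships than its integer type can count, so dispatch either silently skips elements or panics. The following is an added example, not SpiceDB's own code; it assumes a 16-bit offset counter (the page truncates the advisory's threshold to "6553..."), a constructed list of resource IDs, and a hypothetical chunk size of 100, and shows the buggy helper beside a fixed one.

```go
package main

import "fmt"

// Constructed example, not SpiceDB's code. chunkSize is a hypothetical value.
const chunkSize = 100

// chunkBuggy splits ids into chunks while tracking the offset in a uint16.
// Two things go wrong once len(ids) exceeds what uint16 can hold:
//   - uint16(len(ids)) truncates, so elements past the wrap are never dispatched;
//   - start+chunkSize can wrap to a value below start, and ids[start:end] with
//     end < start panics at runtime (recovered here and returned as an error).
func chunkBuggy(ids []string) (chunks [][]string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic while chunking: %v", r)
		}
	}()
	total := uint16(len(ids)) // silent truncation: 70000 becomes 4464
	for start := uint16(0); start < total; start += chunkSize {
		end := start + chunkSize // wraps to a small number near 65535
		if end > total {
			end = total
		}
		chunks = append(chunks, ids[start:end])
	}
	return chunks, nil
}

// chunkFixed does the same work with the platform int used by len(), which
// cannot overflow for any slice that fits in memory.
func chunkFixed(ids []string) [][]string {
	var chunks [][]string
	for start := 0; start < len(ids); start += chunkSize {
		end := start + chunkSize
		if end > len(ids) {
			end = len(ids)
		}
		chunks = append(chunks, ids[start:end])
	}
	return chunks
}

// countDispatched returns how many elements a chunking result actually covers,
// which is the number a dispatcher would check or return.
func countDispatched(chunks [][]string) int {
	n := 0
	for _, c := range chunks {
		n += len(c)
	}
	return n
}

// makeIDs builds constructed resource identifiers for the demonstration.
func makeIDs(n int) []string {
	ids := make([]string, n)
	for i := range ids {
		ids[i] = fmt.Sprintf("document:%d", i)
	}
	return ids
}

func main() {
	big := makeIDs(70000)
	chunks, err := chunkBuggy(big)
	fmt.Printf("buggy:  dispatched %d of %d (err=%v)\n", countDispatched(chunks), len(big), err)
	fmt.Printf("fixed:  dispatched %d of %d\n", countDispatched(chunkFixed(big)), len(big))

	_, err = chunkBuggy(makeIDs(65535))
	fmt.Printf("buggy on 65535 elements: %v\n", err)
}
```

The silent case is the more dangerous of the two for an authorization system: a dispatcher that drops elements can return a negative decision for a relationship that exists, and nothing crashes to draw attention to it. The check to carry into a code review is simply whether any length, offset or count derived from a slice is held in a narrower type than `int`.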
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from improper management of application permissions in the backend of the framework module...
Design/Logic Flaw
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed, e.g. by having a password which contains ':', the full URI including the provided password is...
CVE-2023-46255 `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed, e.g. by having a password which contains ':', the full URI including the provided password is...
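Both entries for CVE-2023-46255 describe the same bug class: a connection URI that fails to parse is echoed back verbatim in the error, password included, and from there it reaches logs or a crash message. The following is an added example, not SpiceDB's code; it assumes Go's `net/url` as the parser (so the malformed input is an invalid percent-escape in the password, since that is what `net/url` rejects) and a constructed Postgres-style URI, and shows the leaky error path beside a redacting one.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// Constructed example, not SpiceDB's code. The URI below is made up.
const exampleURI = "postgres://spicedb:pa%zzword@db.internal:5432/spicedb"

// userinfoRe matches the "user:password@" part of a URI-like string. It works
// on raw text, so it is safe to apply to input that failed to parse.
var userinfoRe = regexp.MustCompile(`://[^@/\s]+@`)

// redactURI masks the userinfo without parsing the URI.
func redactURI(raw string) string {
	return userinfoRe.ReplaceAllString(raw, "://***@")
}

// parseLeaky mirrors the vulnerable pattern: the raw URI is wrapped into the
// returned error, so whatever logs that error logs the password.
func parseLeaky(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("failed to parse datastore URI %q: %w", raw, err)
	}
	return u, nil
}

// parseSafe returns an error that still says what went wrong but only ever
// carries the redacted URI. Note that url.Parse's own *url.Error embeds the
// raw input as well, so that field is redacted in place before wrapping.
func parseSafe(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		var uerr *url.Error
		if errors.As(err, &uerr) {
			uerr.URL = redactURI(uerr.URL)
		}
		return nil, fmt.Errorf("failed to parse datastore URI %s: %w", redactURI(raw), err)
	}
	return u, nil
}

func main() {
	if _, err := parseLeaky(exampleURI); err != nil {
		fmt.Println("leaky:", err)
	}
	if _, err := parseSafe(exampleURI); err != nil {
		fmt.Println("safe: ", err)
	}
}
```

One caveat a reviewer should keep in mind: the wrapped escape error still names the offending sequence (here `"%zz"`), which is a fragment of the secret. If that is unacceptable, replace the underlying error with a fixed message rather than wrapping it. The general rule is the same either way: never format a configuration string that may carry credentials into an error, log line or panic message without redacting it first.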
Vulnerability fixed in Apache Jackrabbit
Apache Foundation has fixed a vulnerability in Jackrabbit. A malicious party could exploit the vulnerability to execute arbitrary code with the permissions of the application using Jackrabbit. Because Jackrabbit is executed with the privileges of the application, it cannot be ruled out...
CVE-2023-35930 LookupResources may return partial results in spicedb
SpiceDB is an open source, Google Zanzibar-inspired database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a LookupResources request with version 1.22.0 is affected. For example, using LookupResources...
PT-2023-15024 · Ibm · Ibm Manage Application
Name of the Vulnerable Software and Affected Versions: IBM Manage Application versions 8.8.0 through 8.9.0 Description: The issue is related to incorrect default permissions, which could allow a user to perform actions they should not have access to. Recommendations: For versions 8.8.0 and 8.9.0,...
Vulnerability fixed in Atlassian Bitbucket
Atlassian has fixed a vulnerability in Bitbucket Server and Data Center. A malicious party could exploit the vulnerability to execute arbitrary code via API calls with the application's permissions. To exploit, the malicious party only needs access to a public repository, or if it is a private...
CVE-2021-43970
An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 1043 via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated low privileged attacker to execute remote code on the target server within the context of...