EUVD-2026-31972
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview...
CVE-2026-5788
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods...
CVE-2026-5788
CVE-2026-5788 affects Ivanti Endpoint Manager Mobile (EPMM). Affected versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1 suffer from an improper access control flaw that allows a remote unauthenticated attacker to invoke arbitrary methods. Ivanti’s May 2026 advisory and ENISA/NCSC references confirm these ve...
PT-2026-38455
Name of the Vulnerable Software and Affected Versions: Ivanti EPMM versions prior to 12.6.1.1; Ivanti EPMM versions prior to 12.7.0.1; Ivanti EPMM versions prior to 12.8.0.1. Description: Improper Access Control allows a remote unauthenticated attacker to invoke arbitrary methods. Recommendations: Upda...
EUVD-2022-3680
Malicious code in bioql PyPI...
EUVD-2022-4100
Malicious code in bioql PyPI...
EUVD-2022-5283
Malicious code in bioql PyPI...
CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10418
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2024-7915
The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading...
Exposed Dangerous Method or Function
Overview: orchid/platform is a platform for building back-office applications, admin panels, or a CMS for your Laravel app. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in the asynchronous modal functionality via the Screen class. An attacker can call arbitrary methods...
CVE-2024-51992 Method Exposure Vulnerability in Modals in orchid/platform
Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue CWE-749: Exposed Dangerous Method or Function in the Orchid Platform’s asynchronous modal functionality, affecti...
PT-2024-36: Calling arbitrary methods in Orchid Platform
The vulnerability was identified in Orchid Platform versions 8 - 14.42.x. The discovered vulnerability can be exploited by an attacker to call arbitrary methods in the Screen class, which could lead to the ability to brute force database tables and disclosure of the server's IP address. Vulnerability...
PT-2024-22275
Name of the Vulnerable Software and Affected Versions: stimulus reflex versions prior to 3.4.2; stimulus reflex versions prior to 3.5.0.rc4. Description: The issue allows more methods than expected to be called on reflex instances, which has security implications. To invoke a reflex, a websocket...
StimulusReflex Security Vulnerability
StimulusReflex is a system that extends the functionality of Rails and Stimulus by intercepting user interactions and passing them to Rails via a live websocket. A security vulnerability exists in StimulusReflex 3.4.1 and earlier, 3.5.0.rc3 and earlier, which stems from a vulnerability that allow...
BIT-DISCOURSE-2023-30606 Multisite denial of service through unsanitized dynamic dispatch to SiteSetting in Discourse
Discourse is an open source platform for community discussion. In affected versions a user logged in as an administrator can call arbitrary methods on the SiteSetting class, notably clear_cache! and notify_changed!, which when done on a multisite instance, can affect the entire cluster resulting in a...
CVE-2023-30606
Discourse is an open source platform for community discussion. In affected versions a user logged in as an administrator can call arbitrary methods on the SiteSetting class, notably clear_cache! and notify_changed!, which when done on a multisite instance, can affect the entire cluster resulting in a...
Design/Logic Flaw
Discourse is an open source platform for community discussion. In affected versions a user logged in as an administrator can call arbitrary methods on the SiteSetting class, notably clear_cache! and notify_changed!, which when done on a multisite instance, can affect the entire cluster resulting in a...