7 matches found
EUVD-2026-25613
4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be...
CVE-2026-33353 Soft Serve: Authenticated repo import can clone server-local private repositories
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...
EUVD-2026-14013
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-local Git repository, including another user's private repo, into a new repository they control. Thi...
GO-2026-4788 In Soft Serve, an authenticated repo import can clone server-local private repositories in github.com/charmbracelet/soft-serve
In Soft Serve, an authenticated repo import can clone server-local private repositories in github.com/charmbracelet/soft-serve...
WordPress ShortPixel Image Optimizer plugin <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export vulnerability
Authenticated Contributor+ Settings Import/Export vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin ShortPixel Image Optimizer versions <= 6.3.4...
EUVD-2025-27633
Malicious code in bioql PyPI...
CVE-2025-9918 Zip Slip in Google SecOps SOAR allows for Remote Code Execution
A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server versions 6.3.54.0, 6.3.53.2, and all prior versions allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive...