SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the GET /api/v1/main/flows/search endpoint. An attacker can execute arbitrary operating system commands by injecting malicious SQL payloads that leverage PostgreSQL's COPY ... TO PROGRAM ... functionality after...

CVE-2026-22664

The CVE-2026-22664 issue affects prompts.chat with an SSRF in Fal.ai media status polling prior to commit 30a8f04. Authenticated users can supply attacker-controlled URLs in the token parameter to trigger arbitrary outbound requests, potentially exposing the FAL_API_KEY in the Authorization heade...

Juju has a resource poisoning vulnerability

Summary Any authenticated user, machine or controller under a Juju controller can modify the resources of an application within the entire controller. This one is very straightforward to just read in the code: Step 1: The authorisation mechanism for the resource handler is defined here. One is on...

Juju: Read All Controller Logs From Compromised Workload

Summary It is possible that a compromised workload machine under a Juju controller can read any log file for any entity in any model at any level. There is a debug log endpoint in the API server that allows streaming of logs off of the controller. To access this endpoint you must be authenticatio...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the POST multipart upload process. An attacker can write arbitrary files to any existing directory on the filesystem by crafting a specially constructed URL path containing directory traversal sequences and...

Exploit for CVE-2026-28767

CERT/CC VU653116 | CISA Advisory ICSA-26-055-03https:/...

CVE-2026-34801

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dhcp/fixedleases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-34792

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...

CVE-2026-34790 Endian Firewall /cgi-bin/backup.cgi remove ARCHIVE Directory Traversal

Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences,...

PT-2026-29657

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions prior to 2.10.2 Description OpenSTAManager is vulnerable to Time-Based Blind SQL Injection through the optionsstato GET parameter in multiple AJAX select handlers. The user-supplied value from optionsstato is directly...

WatchGuard Firebox Fireware OS 安全漏洞

WatchGuard Firebox Fireware OS is an operating system developed by the American company WatchGuard, designed to provide security protection and traffic control capabilities for firewall devices. Vulnerabilities exist in versions 12.6.1 to 12.11.8, as well as in versions 2025.1 to 2026.1.2 of...

CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

CVE-2026-30521

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...

CVE-2026-33029 Nginx UI: DoS via Negative Integer Input in Logrotate Interval

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enter...

nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

Summary The nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoint only applies IP whitelisting - and the default IP whitelist is empty, which t...

PT-2026-29023

I’ve added a new entry to my CVE list , CVE number 1️⃣ 3️⃣ . CVE-2026-4315 The issue is a Cross-Site Request Forgery CSRF in the Fireware OS Web UI that can allow a remote attacker to trigger a denial-of-service DoS condition by luring an authenticated administrator into visiting a malicious page...

Information Exposure

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Information Exposure via the jq and jqraw include filter expressions, which allow access to the env builtin. An attacker can obtain sensitive environment variables ...

GHSA-M2H6-4XPQ-QW3M A Fleet team maintainer can transfer hosts from any team via missing source team authorization

Summary A broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control over the stolen hosts, including the ability to execute...

A Fleet team maintainer can transfer hosts from any team via missing source team authorization

Summary A broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control over the stolen hosts, including the ability to execute...

CVE-2025-15381 Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow

In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NOPERMISSIONS on the experiment, to read trace information and create assessments for...