305 matches found

Positive Technologies
added 2026/04/10 12:0 a.m., 3 views

PT-2026-31912

Vulnerable software and affected versions: Juju versions prior to 2.9.57 and 3.6.21. Description: Juju versions prior to 2.9.57 and 3.6.21 contain an authorization issue in the Controller facade. An authenticated user can call the CloudSpec API method to extract cloud credentials used fo...

CVSS 9.9 | AI score 5.8 | EPSS 0.00445
Exploits: 1 | References: 19
CVE
added 2026/04/10 12:0 a.m., 29 views

CVE-2026-33551

OpenStack Keystone vulnerability CVE-2026-33551 allows an authenticated user with only a reader role to obtain EC2/S3 credentials via restricted application credentials when using the EC2/S3 compatibility API (swift3/s3api). Affected products/versions: Keystone 14 through 26 before 26.1.1, 27.0.0...

CVSS 5.3 | AI score 5.9 | EPSS 0.00211
Exploits: 1 | References: 3 | Affected software: 1
RedhatCVE
added 2026/04/09 7:23 p.m., 4 views

CVE-2026-35516

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a publ...

CVSS 5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 1
CVE
added 2026/04/07 3:14 p.m., 6 views

CVE-2026-35516

LinkAce CVE-2026-35516 affects LinkAce prior to version 2.5.4. The issue arises because LinkRepository::update and CheckLinksCommand::checkLink do not validate private IPs, allowing an authenticated user to cause server-side requests to internal resources (e.g., AWS IMDSv1, cloud metadata, intern...

CVSS 5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 1 | Affected software: 1
EUVD
added 2026/04/07 3:14 p.m., 3 views

EUVD-2026-19682

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a publ...

CVSS 5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 1
ATTACKERKB
added 2026/04/07 3:14 p.m., 5 views

CVE-2026-35516

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a publ...

CVSS 5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 2 | Affected software: 1
CVE
added 2026/04/07 2:49 p.m., 6 views

CVE-2026-35486

CVE-2026-35486 affects text-generation-webui prior to 4.3, where the superbooga/superboogav2 RAG extensions fetch user-supplied URLs via requests.get() without validation. The root cause is lack of URL scheme validation, IP filtering, and hostname allowlisting, enabling an attacker to reach cloud...

CVSS 7.5 | AI score 5.9 | EPSS 0.004
Exploits: 1 | References: 1 | Affected software: 1
Positive Technologies
added 2026/04/07 12:0 a.m., 2 views

PT-2026-30864

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a publ...

CVSS 5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 2
CNNVD
added 2026/04/07 12:0 a.m., 5 views

LinkAce code issue vulnerability

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.4 had code vulnerabilities. These vulnerabilities stemmed from insufficient checks on private IP addresses, allowing authenticated users to read...

CVSS 5 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 1
The Hacker News
added 2026/04/06 11:45 a.m., 6 views

How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers

The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the TeamPCP threat actor proved just how...

AI score 6.3
Exploits: 0
OSSF Malicious Packages
added 2026/04/01 3:30 p.m., 4 views

Malicious code in polymarkets-sdk (PyPI)

Source: kam193 (facfcba74011619f5bb2eaf096e41239f81520cb4effff3b45f8b42c84d42060). During import, the code attempts to exfiltrate to a hardcoded location sensitive data, including private SSH keys, cloud credentials and Windows SAM database...

AI score 6
Exploits: 0 | References: 1
OSV
added 2026/04/01 3:30 p.m., 1 view

MAL-2026-2403 Malicious code in polymarkets-sdk (PyPI)

Source: kam193 (facfcba74011619f5bb2eaf096e41239f81520cb4effff3b45f8b42c84d42060). During import, the code attempts to exfiltrate to a hardcoded location sensitive data, including private SSH keys, cloud credentials and Windows SAM database...

AI score 6
Exploits: 0 | References: 1
HackRead
added 2026/03/30 10:50 a.m., 2 views

TeamPCP Uses Fake Ringtone File in Tainted Telnyx SDK to Steal Credentials

Telnyx issued an urgent alert after the TeamPCP hackers uploaded malicious versions 4.87.1 and 4.87.2 of its Python SDK to steal cloud and crypto credentials...

AI score 5.9
Exploits: 0
Tenable Nessus
added 2026/03/27 12:0 a.m., 5 views

Aqua Security Trivy 0.69.4 Supply Chain Compromise (GHSA-69fq-xp46-6x23)

The version of Aqua Security Trivy installed on the remote host is 0.69.4. This version was published by a threat actor using compromised credentials as part of a supply chain attack. The malicious release contains credential-stealing malware designed to exfiltrate secrets such as SSH keys, cloud...

CVSS 9.4 | AI score 6.1 | EPSS 0.60368
Exploits: 2 | References: 3
CISA KEV Catalog
added 2026/03/26 12:0 a.m., 23 views

Aquasecurity Trivy Embedded Malicious Code Vulnerability

Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credentials, database passwords, and any sensitive configuration in memory...

CVSS 9.4 | AI score 6.1 | EPSS 0.60368
Exploited in the wild | Exploits: 2
HackRead
added 2026/03/25 10:34 a.m., 4 views

TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign

Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers...

AI score 5.8
Exploits: 0
Microsoft Secure
added 2026/03/25 12:3 a.m., 8 views

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Contents: 1. Analyzing the Trivy supply chain compromise; 2. Detection and investigation; 3. Mitigation and protection guidance; 4. Advanced hunting queries; 5. References; 6. Learn more. On March 19, 2026, Trivy, Aqua Security’s widely used open-source vulnerability scanner, was reported to have...

AI score 6.2
Exploits: 0
Trend Micro Simply Security
added 2026/03/25 12:0 a.m., 5 views

Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach

Litellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps...

AI score 5.9
Exploits: 0
Wiz blog
added 2026/03/24 6:40 p.m., 6 views

Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign

LiteLLM is the latest victim of TeamPCP’s open-source attack spree. Malicious versions 1.82.7 and 1.82.8 abuse Python’s .pth mechanism for stealthy persistence. The malware exfiltrates cloud credentials, CI/CD secrets, and keys to attacker-controlled domains...

AI score 5.8
Exploits: 0
NVD
added 2026/03/24 5:16 p.m., 2 views

CVE-2026-33340

LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in all known existing versions of lollms-webui. The @router.post("/api/proxy") endpoint allows unauthenticated attackers to...

CVSS 9.1 | EPSS 0.21629
Exploits: 3 | References: 2