
53 matches found

CVE
added 2026/06/18 10:12 p.m. | 21 views

CVE-2026-56075

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability in which UI modules hardcode approval_mode to auto, overriding the PRAISON_APPROVAL_MODE environment variable. This allows authenticated attackers to instruct the LLM agent to run arbitrary commands via subproces...

CVSS 8.8 | AI score 6 | EPSS 0.00476
Exploits 0 | References 2

Positive Technologies
added 2026/03/05 12:0 a.m. | 6 views

PT-2026-23441

Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 1.14.3. Description: Backstage, an open framework for building developer portals, contains a configuration bypass that can lead to arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlis...

CVSS 9.8 | AI score 6 | EPSS 0.00476
Exploits 0 | References 11

NVD
added 2026/03/04 4:16 p.m. | 7 views

CVE-2025-12801

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...

CVSS 6.5 | EPSS 0.00462
Exploits 0 | References 12

CNNVD
added 2026/01/05 12:0 a.m. | 4 views

Apache Kyuubi Security Vulnerability

Apache Kyuubi is a distributed SQL gateway from the Apache Foundation. Apache Kyuubi suffers from a directory traversal vulnerability that originates from a client-side bypass of server-side configuration, which can be exploited by an attacker to cause access to unauthorized local files...

CVSS 8.8 | AI score 5.8 | EPSS 0.00892
Exploits 0 | References 3

IBM Security Bulletins
added 2025/12/05 1:37 p.m. | 5 views

Security Bulletin: Security Configuration vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2024-56339)

Summary: IBM WebSphere Application Server Liberty is vulnerable to a security configuration attack which can affect IBM Spectrum Protect formerly Tivoli Storage Manager Operations Center. Vulnerability Details: CVEID: CVE-2024-56339. DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere...

CVSS 7.5 | AI score 6 | EPSS 0.00373
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/31 7:39 p.m. | 5 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Summary: There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details: CVEID: CVE-2025-36047. DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable ...

CVSS 7.5 | AI score 7 | EPSS 0.63258
Exploits 1 | Affected Software 1

Vulnrichment
added 2025/10/31 6:31 p.m. | 2 views

CVE-2025-64348 ELOG configuration file authorization bypass

ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denial of service. If the execute facility is specifically enabled with the "-x" command line flag, attackers could execute OS commands on the host machine. By default, ELOG is not configured to allow...

CVSS 9.3 | AI score 6.7 | EPSS 0.00268
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2006-4613

Malware in sbrugna...

CVSS 3.6 | AI score 6 | EPSS 0.00908
Exploits 2 | References 24

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2009-4982

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.02644
Exploits 0 | References 13

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-5681

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.6 | EPSS 0.01525
Exploits 0 | References 23

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-2531

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.02991
Exploits 0 | References 8

Tenable Nessus
added 2025/09/10 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-2457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended...

CVSS 5.5 | AI score 6.4 | EPSS 0.0019
Exploits 0 | References 2

IBM Security Bulletins
added 2025/09/09 5:8 p.m. | 7 views

Security Bulletin: Vulnerabilities in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2025-36097 and CVE-2024-56339).

Summary: There are vulnerabilities in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms CVE-2025-36097 and CVE-2024-56339. An update to IBM TXSeries for Multiplatforms has been released to address these. Vulnerability Details: CVEID: CVE-2025-36097. DESCRIPTION: IBM WebSphere...

CVSS 7.5 | AI score 7.1 | EPSS 0.00399
Exploits 0 | Affected Software 1

Cvelist
added 2025/07/16 4:16 p.m. | 7 views

CVE-2025-20285 Cisco Identity Services Engine IP Filter Access Restriction for Admin Access Configuration Bypass Vulnerability

A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address. This vulnerability is due to improper enforcement of access controls...

CVSS 4.1 | EPSS 0.0034
Exploits 0 | References 1

Vulnrichment
added 2025/07/16 4:16 p.m. | 13 views

CVE-2025-20285 Cisco Identity Services Engine IP Filter Access Restriction for Admin Access Configuration Bypass Vulnerability

A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address. This vulnerability is due to improper enforcement of access controls...

CVSS 4.1 | AI score 7.5 | EPSS 0.0034
Exploits 0 | References 1

CVE
added 2025/07/16 4:16 p.m. | 27 views

CVE-2025-20285

CVE-2025-20285 describes a vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC that could allow an authenticated, remote attacker to bypass IP-based access controls and log into the device from an IP address that should have been restricted. The root cause is imprope...

CVSS 4.1 | AI score 6.9 | EPSS 0.0034
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2025/05/21 8:4 p.m. | 5 views

CVE-2006-6683

Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM...

CVSS 7.8 | AI score 7.3 | EPSS 0.0132
Exploits 0 | References 1

Vulnrichment
added 2025/04/16 9:28 p.m. | 8 views

CVE-2025-31478 Zulip Authentication Backend Configuration Bypass

Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being requir...

CVSS 8.2 | AI score 8.2 | EPSS 0.00309
Exploits 0 | References 2

Cvelist
added 2025/04/16 9:28 p.m. | 22 views

CVE-2025-31478 Zulip Authentication Backend Configuration Bypass

Zulip is an open-source team collaboration tool. Zulip supports a configuration where account creation is limited solely by being able to authenticate with a single-sign on authentication backend, meaning the organization places no restrictions on email address domains or invitations being requir...

CVSS 8.2 | EPSS 0.00309
Exploits 0 | References 2

Tenable Nessus
added 2025/03/06 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-52792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager LAM is a php webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In affected versions LAM does...

CVSS 6.5 | AI score 5.9 | EPSS 0.00696
Exploits 0 | References 3