110 matches found
LiteLLM SQL Injection Vulnerability
LiteLLM is an open-source application developed by Berri AI. It allows for the use of OpenAI format calls for all LLM APIs. In versions 1.81.16 to 1.83.7 of LiteLLM, there was a SQL injection vulnerability. This vulnerability stemmed from the use of database queries during the check of the proxy...
CVE-2026-7551
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
CVE-2026-22682
OpenHarness CVE-2026-22682 affects the built-in file tools. The root cause is inconsistent parameter handling in permission enforcement, specifically that the path parameter is not passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools. This allows attackers ...
BIT-SEALED-SECRETS-2026-22728 Bitnami Sealed Secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations
Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...
CVE-2026-3100
The FTP Backup on the ADM does not strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. Improperly validated TLS/SSL certificates allow a remote attacker to intercept network traffic to perform a Man-in-the-Middle (MitM) attack, which may...
CVE-2023-49653
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to...
CVE-2021-27457
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access...
Synology DiskStation Manager (DSM) Multiple Vulnerabilities (Synology_SA_24_21) - Active Check
Synology DiskStation Manager (DSM) is prone to multiple vulnerabilities in the Synology Drive Server.
CVE-2025-67642
Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
CVE-2025-5452
A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the...
EUVD-2016-0882
Malware in sbrugna...
EUVD-2020-28642
Malware in sbrugna...
EUVD-2004-1780
Malware in sbrugna...
EUVD-2018-3237
Malware in sbrugna...
EUVD-2020-28433
Malware in sbrugna...
EUVD-2006-2522
Malware in sbrugna...
EUVD-2016-3952
Malware in sbrugna...