81 matches found
Harbor <=1.82.0 - Privilege Escalation
Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows non-admin users to create admin accounts via the POST /api/users API when Harbor is set up with DB as the authentication backend and allows users to self-register. id: CVE-2019-16097...
EUVD-2023-29504
Malicious code in bioql PyPI...
EUVD-2025-4182
Malicious code in bioql PyPI...
EUVD-2025-4189
Malicious code in bioql PyPI...
EUVD-2025-4185
Malicious code in bioql PyPI...
EUVD-2025-4187
Malicious code in bioql PyPI...
EUVD-2025-4180
Malicious code in bioql PyPI...
EUVD-2025-4186
Malicious code in bioql PyPI...
EUVD-2025-4183
Malicious code in bioql PyPI...
EUVD-2025-4179
Malicious code in bioql PyPI...
EUVD-2025-4181
Malicious code in bioql PyPI...
EUVD-2025-4190
Malicious code in bioql PyPI...
Security Bulletin: Vulnerability in PostgreSQL affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary: A potential vulnerability in PostgreSQL has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
CVE-2025-26373
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua user endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to enumerate users via crafted HTTP requests...
CVE-2025-26370
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove privileges from user groups via crafted HTTP requests...
CVE-2025-26378
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests...
CVE-2025-26376
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to modify user data via crafted HTTP requests...
CVE-2025-26374
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua users endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to enumerate users via crafted HTTP requests...
CVE-2025-26377
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to remove users via crafted HTTP requests...
CVE-2025-26369
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated low-privileged attacker to add privileges to user groups via crafted HTTP requests...