abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +660 more potentially affected by CVE-2025-15379 via mlflow (>=3.0.0rc2 <=3.6.0rc0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: CVE-2025-15379 Source advisory: SNYK:PYTHON-MLFLOW-15825746...

GHSA-F346-8RP3-4H9H TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

Summary A flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded...

CVE-2025-55263

HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets...

PT-2026-28493

Name of the Vulnerable Software and Affected Versions TSPortal versions prior to 34 Description TSPortal, the WikiTide Foundation’s in-house platform used by the Trust and Safety team, was found to have a flaw that allowed attackers to create arbitrary user records in the database. This was...

CVE-2025-33215

NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of...

CVE-2026-31964

A flaw was found in HTSlib, a library for reading and writing bioinformatics file formats. When processing specially crafted CRAM Compressed Reference-aligned Alignment Map data, specifically records that omit sequence or quality data using the CONST, XPACK, or XRLE encodings, the library attempt...

Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads

Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...

CVE-2026-28539

Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

PT-2026-23750

Name of the Vulnerable Software and Affected Versions TSPortal versions prior to 30 Description TSPortal is a platform used by the WikiTide Foundation’s Trust and Safety team for managing reports, investigations, appeals, and transparency work. Prior to version 30, the conversion of empty strings...

EUVD-2026-9800

Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2026-28539

Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2026-28539

Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2026-28539

Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2026-28539

Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2026-28539

Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2026-28539

CVE-2026-28539 is a data processing vulnerability in the certificate management module. The vulnerability is assessed with CVSS 3.1 (MEDIUM, 6.2) with Local attack vector, Low attack complexity, no privileges required, and no user interaction, but Confidentiality impact is HIGH while Integrity an...

PT-2026-23420

Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2026-20445

In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184...

GHSA-GJ6X-Q8RH-WJ6X Curio exposes database credentials to users with network access through verbose HTTP error responses

Summary Multiple HTTP handlers in Curio passed raw database error messages to HTTP clients via http.Error. When the PostgreSQL/YugabyteDB driver pgx returned errors, these could contain the database connection string — including hostname, port, username, and password. Additionally, the internal...

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-15 and 6.9.13-40 contained a buffer error vulnerability. This vulnerability stemmed from insufficie...