6 matches found
EUVD-2026-31978
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...
GHSA-7QHF-V65M-G5F3 mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization
In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled (`MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true`) and any j...
NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
...
PT-2025-44665
Name of the Vulnerable Software and Affected Versions: ELOG (affected versions not specified). Description: ELOG allows an authenticated user to modify or overwrite the configuration file, potentially leading to a denial of service. If the execute facility is enabled using the '-x' command line flag,...
Exim Security Feature Issue Vulnerability
Exim is an open source mail transfer agent (MTA) for Unix systems that routes, forwards and delivers mail. Exim has a security feature issue that stems from a missing close-on-exec flag on a privileged pipe. No detailed vulnerability details are provided at th...
Exim Security Vulnerability
Exim is an open source mail transfer agent (MTA) for Unix systems that routes, forwards and delivers mail. Exim has a security feature issue that stems from a missing close-on-exec flag on a privileged pipe. No detailed vulnerability details are provided at th...