90 matches found
CVE-2026-13484
A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high...
EUVD-2026-39984
A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high...
CVE-2026-13484
Technical details about CVE-2026-13484 are not publicly available in the provided documents. Please monitor for updates from official advisories; no affected products, vulnerable components, or fixes are specified here.
apna-experiment-sdk (>=0.1.0 <=0.4.10), askui (>=0.22.12 <=0.34.0) +39 more potentially affected by CVE-2026-31072 via apscheduler (>=4.0.0a2 <=4.0.0a6)
apscheduler PYPI version =4.0.0a2, =0.1.0, =0.22.12, =1.0.1, =3.8.0, =1.3.0, =3.0.0a0, =0.1.5, =2.0.5, =0.15.1, =0.0.3, =0.1.0rc0, =2.0.0, =8.4.0, =8.7.0 and more Source cves: CVE-2026-31072 Source advisory: SNYK:PYTHON-APSCHEDULER-16787181...
Security Incentivization: An Empirical Study of How Micropayments Impact Code Security
Security often receives insufficient developer attention because it does not directly generate visible value, leading to underinvestment in practice. We evaluate a countermeasure by team-level incentives tied to measurable security improvements over time. Our semi-automated mechanism aggregates...
PT-2026-36304
The LabOne Q serialization framework uses a class-loading mechanism import cls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...
Usability of Passwordless Authentication in Wi-Fi Networks: A Comparative Study of Passkeys and Passwords in Captive Portals
Passkeys have recently emerged as a passwordless authentication mechanism, yet their usability in captive portals remains unexplored. This paper presents an empirical, comparative usability study of passkeys and passwords in a Wi-Fi hotspot using a captive portal. We conducted a controlled...
PT-2026-6641
Name of the Vulnerable Software and Affected Versions Webpack versions 5.49.0 through 5.104.0 Description Webpack’s HTTPS resolver HttpUriPlugin can be bypassed when the experiments.buildHttp feature is enabled. This bypass allows fetching resources from hosts outside of the allowedUris...
CVE-2025-14279 DNS Rebinding Vulnerability in mlflow/mlflow
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...
EUVD-2017-9663
Malware in sbrugna...
EUVD-2025-6960
Malicious code in bioql PyPI...
Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
Jamming-Resistant AAV Communications: a Multichannel-Aided Approach
Jamming cancellation is essential to reliable unmanned autonomous vehicle (AAV) communications in the presence of malicious jammers. In this paper, we develop a practical multichannel-aided jamming cancellation method to realize secure AAV communications. The proposed method is capable of...
Malicious code in actions-experiment (npm)
The package communicates with a domain associated with malicious activity. Source: ossf-package-analysis a3571367d4274d4ca5d5c2cd7b400c40b4d656c2c58fb0746e8372cb24910c5b The OpenSSF Package Analysis project identified 'actions-experiment' ...
MAL-2025-5743 Malicious code in actions-experiment (npm)
The package communicates with a domain associated with malicious activity. Source: ossf-package-analysis a3571367d4274d4ca5d5c2cd7b400c40b4d656c2c58fb0746e8372cb24910c5b The OpenSSF Package Analysis project identified 'actions-experiment' ...
SUSE CVE-2025-2570
Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...
CVE-2024-22410
Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute...
CVE-2022-28120
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...
Firefox Tests AI-Powered Perplexity Search Engine Directly in Browser
Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential…...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from not checking the RestrictSystemAdmin setting, which can be exploited by an attacker to cause a system administrator to access...