77 matches found
CVE-2026-15508
Helicone ai-gateway (up to 0.2.0-beta.30) is affected. The flaw is in the AWS Metadata Service component, specifically the build_target_url function in ai-gateway/src/dispatcher/service.rs, where manipulating extracted_path_and_query can trigger server-side request forgery. Exploitation is possib...
CVE-2026-58473
Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...
CVE-2026-58473 Cognee < 1.2.0 Unauthorized LLM Configuration Overwrite via /api/v1/settings
Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...
Slackware Linux 15.0 / current openssl Multiple Vulnerabilities (SSA:2026-168-05)
The version of openssl installed on the remote host is prior to 1.1.1zh / 3.5.7. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-168-05 advisory. New openssl packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted t...
CVE-2025-50328
CVE-2025-50328 affects B1 Free Archiver v1.5.86. The vulnerability occurs when files extracted from downloaded archives do not propagate the Zone.Identifier (MotW) ADS to extracted files, allowing them to bypass Windows Defender SmartScreen and security prompts. This can enable untrusted code exe...
SUSE-SU-2026:1644-1 Security update for python-requests
This update for python-requests fixes the following issues: - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589...
PT-2026-28677
Name of the Vulnerable Software and Affected Versions Ghidra versions prior to 12.0.3 Description The software improperly processes annotation directives embedded in automatically extracted binary data, leading to arbitrary command execution when a user interacts with the user interface. The...
CVE-2026-32044 OpenClaw < 2026.3.2 - Tar Archive Safety Bypass in Skills Installation
OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...
node-tar 安全漏洞
node-tar is a software package for file compression/decompression developed by Isaacs. Versions of node-tar prior to 7.5.11 contained a security vulnerability. This vulnerability stemmed from the ability to create symbolic links that could trick the system into pointing to directories other than...
CVE-2018-25194
Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST requests to the login/checklogin.php endpoint with crafted UNION-based SQL injection...
CVE-2026-0754
The CVE describes a vulnerability in Poly Voice devices where an embedded test key and certificate can be extracted via reverse engineering. If a SIP service provider does not properly validate device certificates, the extracted certificate could be accepted, enabling impersonation of the Poly Vo...
wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...
PT-2026-6205
Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A file upload validation bypass allows attackers to upload files with restricted extensions by including...
Fedora 43 : golangci-lint (2025-cc4c533b49)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-cc4c533b49 advisory. Latest version - This build with the latest golang should also fix all the Go CVEs, although I did verify how/if this package is affected by these...
EUVD-2021-1814
Malware in sbrugna...
EUVD-2023-50497
Malicious code in bioql PyPI...
pip 安全漏洞
pip is a Python package installer open-sourced by the Python Packaging Authority. A security vulnerability exists in pip that stems from a failure to check whether symbolic links point to extracted directories, which could lead to a path traversal attack...
Linux Distros Unpatched Vulnerability : CVE-2022-42906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes...
EulerOS 2.0 SP11 : emacs (EulerOS-SA-2025-1949)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source...
Fedora 42 : incus (2025-2edb6773ed)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2edb6773ed advisory. New release of Incus. Release information: https://github.com/lxc/incus/releases/tag/v6.15.0 Tenable has extracted the preceding description block...