Lucene search

29 matches found

CNNVD
added 2026/05/22 12:0 a.m. | 6 views

BentoML Post-Link Vulnerability

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Versions of BentoML prior to 1.4.38 contained a post-link vulnerability. This vulnerability stemmed from the fact that the bui...

5.5 CVSS | 5.8 AI score | 0.00003 EPSS
Exploits: 1 | References: 4
CNNVD
added 2026/05/15 12:0 a.m. | 8 views

oinone-pamirs Code Issue Vulnerability

Oinone-Pamirs is an AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains code vulnerabilities. These vulnerabilities stem from the XML parsing logic based on XStream. When attacker-controlled XML is passed to the framework’s parsing points, such as...

6.5 CVSS | 5.9 AI score | 0.00066 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/05/05 12:0 a.m. | 5 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.9 to 2026.4.10 contained a security vulnerability. This vulnerability stemmed from a bypass of the sender policy in the outbound host media attachment reading assistant, which could...

7.7 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/04/28 12:0 a.m. | 6 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from treating the shared reply MEDIA path as trusted, which could allow attackers to trigger cross-channel...

5.9 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/04/21 12:0 a.m. | 6 views

OpenHarness Security Vulnerability

OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU, open sourced by HKU. Versions prior to OpenHarness PR 147 contained security vulnerabilities. These vulnerabilities stemmed from an unsafe default configuration in the remote channel, where allowfrom =...

8.3 CVSS | 6 AI score | 0.00233 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/03/27 12:0 a.m. | 4 views

Calibre Security Vulnerability

Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer from India. It serves as a comprehensive e-book reading management and format conversion tool. Versions of Calibre prior to 9.6.0 contained security vulnerabilities. These vulnerabilities stemmed from a path...

8.2 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/03/17 12:0 a.m. | 2 views

Ray Path Traversal Vulnerability

Ray is an open-source framework developed by ray-project, designed to extend AI and Python applications. Versions of Ray prior to 2.8.1 contained a path traversal vulnerability. This vulnerability stemmed from improper validation and cleaning of paths provided by users during the static file...

8.7 CVSS | 7.3 AI score | 0.00125 EPSS
Exploits: 1 | References: 4
CNNVD
added 2026/02/21 12:0 a.m. | 4 views

Cloud hypervisor Security Vulnerability

Cloud Hypervisor is a virtual machine monitor developed by Cloud Hypervisor Company, designed for modern cloud workloads. Versions 34.0 to 50.0 of Cloud Hypervisor contain security vulnerabilities. These vulnerabilities stem from defects in the virtio-block device supported by original images,...

10 CVSS | 5.9 AI score | 0.00055 EPSS
Exploits: 1 | References: 7
CNNVD
added 2026/02/16 12:0 a.m. | 5 views

Live Server Security Vulnerability

Live Server is a local development server personally developed by Ritwick Dey. Version 5.7.9 of Live Server contains a security vulnerability, which stems from user interactions with specially crafted HTML pages, potentially leading to file leaks...

4.3 CVSS | 7.5 AI score | 0.00051 EPSS
Exploits: 1 | References: 3
OSV
added 2026/02/13 2:41 p.m. | 6 views

CLSA-2026-1770993656 nodejs: Fix of CVE-2026-21637

CVE-2026-21637: fix a flaw in TLS error handling where exceptions in handshake callbacks can cause process crashes or file descriptor leaks...

7.5 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/11 12:0 a.m. | 15 views

PT-2025-50605

Apache Struts 2 DoS Flaw CVE-2025-66675 Risks Server Crash via File Leak in Multipart Request Processing https://securityonline.info/apache-struts-2-dos-flaw-cve-2025-66775-risks-server-crash-via-file-leak-in-multipart-request-processing/...

8.2 CVSS | 7 AI score | 0.00201 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-3806

Malware in sbrugna...

4.3 CVSS | 4.9 AI score | 0.00297 EPSS
Exploits: 3 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-31383

Malicious code in bioql PyPI...

9.1 CVSS | 9.1 AI score | 0.00426 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-0072

Malicious code in bioql PyPI...

7.5 CVSS | 6.3 AI score | 0.00201 EPSS
Exploits: 1 | References: 4
NVD
added 2025/08/05 1:15 a.m. | 4 views

CVE-2025-54780

The glpi-screenshot-plugin allows users to take screenshots or screen recordings directly from GLPI. In versions below 2.0.2, an authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2...

7.7 CVSS | 0.00226 EPSS
Exploits: 0 | References: 2
Slackware Linux
added 2025/05/13 7:47 p.m. | 25 views

[slackware-security] screen

New screen packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/screen-4.9.1-i586-1slack15.0.txz: Upgraded. This update fixes security issues: attacher.c - prevent temporary 0666 mode on PTYs. avoid...

6 CVSS | 6.6 AI score | 0.00074 EPSS
Exploits: 0
OSV
added 2024/12/23 8:38 p.m. | 11 views

GHSA-M27M-H5GJ-WWMG Gogs allows argument Injection when tagging new releases

Impact: Unprivileged user accounts with at least one SSH key can read arbitrary files on the system. For instance, they could leak the configuration files that could contain database credentials database and security SECRETKEY. Attackers could also exfiltrate TLS certificates, other users'...

7.7 CVSS | 7.5 AI score | 0.00264 EPSS
Exploits: 1 | References: 6
NVD
added 2024/10/10 11:15 p.m. | 16 views

CVE-2024-47868

Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...

7.5 CVSS | 0.00201 EPSS
Exploits: 1 | References: 1
Cvelist
added 2024/10/10 10:18 p.m. | 18 views

CVE-2024-47868 Several components’ post-process steps may allow arbitrary file leaks in Gradio

Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...

6.3 CVSS | 0.00201 EPSS
Exploits: 1 | References: 1
OSV
added 2024/10/10 10:18 p.m. | 14 views

CVE-2024-47868 Several components’ post-process steps may allow arbitrary file leaks in Gradio

Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...

6.3 CVSS | 6.5 AI score | 0.00201 EPSS
Exploits: 1 | References: 3