PT-2026-5206

Name of the Vulnerable Software and Affected Versions Acquia Content Hub versions 0.0.0 through 3.6.3 Acquia Content Hub versions 3.7.0 through 3.7.2 Description A Cross-Site Request Forgery CSRF issue exists in Acquia Content Hub. This allows attackers to perform actions on behalf of authenticat...

CVE-2025-64097 NervesHub has Insufficient Token Entropy that Allows Authentication Bypass via Brute Force

NervesHub is a web service that allows users to manage over-the-air OTA firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

Hubert Hub 安全漏洞

Hubert Hub is a digital management platform from Brazilian company Hubert. A security vulnerability exists in Hubert Hub v2.0 version 1.27.3, which stems from an arbitrary file upload in the /utils/uploadFile component, which could lead to an attacker executing arbitrary code by uploading a...

EUVD-2018-15620

Malware in sbrugna...

EUVD-2017-7535

Malware in sbrugna...

EUVD-2017-7538

Malware in sbrugna...

EUVD-2017-5956

Malware in sbrugna...

EUVD-2017-7542

Malware in sbrugna...

EUVD-2017-7532

Malware in sbrugna...

EUVD-2017-7543

Malware in sbrugna...

EUVD-2017-5958

Malware in sbrugna...

EUVD-2017-7537

Malware in sbrugna...

CVE-2025-11287

CVE-2025-11287 affects samanhappy MCPHub up to version 0.9.10. The vulnerability is in the function handleSseConnectionfunction of src/services/sseService.ts, causing improper authentication. It can be triggered remotely and public exploits exist. Remediation per referenced advisories is to upgra...

Server-side Request Forgery (SSRF)

Overview @samanhappy/mcphub is an A hub server for mcp servers Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the baseUrl argument in the serverController.ts. An attacker can make the server initiate arbitrary requests to internal or external systems by...

CVE-2025-11285

A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in os command injection. The attack can be launched remotely. The exploit has be...

EUVD-2024-37379

Malicious code in bioql PyPI...

EUVD-2024-37183

Malicious code in bioql PyPI...

EUVD-2022-29957

Malicious code in bioql PyPI...

EUVD-2024-18979

Malicious code in bioql PyPI...

EUVD-2022-29956

Malicious code in bioql PyPI...