90 matches found
EUVD-2026-33548
An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...
ZTE ZXUniPOS NDS-LTE 安全漏洞
ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has a security vulnerability, which stems from ineffective access control. This vulnerability may allow unauthorized users to access system data that exceeds their permissions, such...
GHSA-CHQV-VRJ7-QFFP NocoDB: Shared-base link access can invite arbitrary users as persistent base members
Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...
PT-2026-42618
Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...
Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change
Summary A session invalidation vulnerability exists in daptin's authentication system where JSON Web Tokens JWTs remain fully valid after a user changes their password. The JWT validation middleware CheckJWT only verifies token signature, expiry, issuer, and signing algorithm — it does not check...
GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS
Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...
CVE-2026-33768
Astro: Unauthenticated Path Override via x-astro-path/x_astro_path affects Astro 5.18.1 + @astrojs/vercel 9.0.4 and Astro 6.0.3 + @astrojs/vercel 10.0.0, with patch in 10.0.2. The vulnerable code rewrites the internal request path from a caller-supplied header or query parameter without authentic...
CVE-2026-25702
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before...
PT-2026-23409
Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise Server 12 SP5 Description An Improper Access Control issue exists in the kernel of SUSE Linux Enterprise Server 12 SP5, impacting nftables functionality. This prevents firewall rules applied through nftables from...
CVE-2026-27475
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
Keras has a Local File Disclosure via HDF5 External Storage During Keras Weight Loading
Summary TensorFlow / Keras continues to honor HDF5 “external storage” and ExternalLink features when loading weights. A malicious .weights.h5 or a .keras archive embedding such weights can direct loadweights to read from an arbitrary readable filesystem path. The bytes pulled from that path...
Malicious code in plugin-vue (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03d02d8d83b614a55ba66663cbaa93bfc062bb8de63f438fcd60bea960610a5f The package plugin-vue was found to contain malicious code. Source: ghsa-malware 5dd13d282d1e3afa8890341ff538701132443043511faaac6d79e562de074cb3 Any...
CVE-2026-0895
The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...
6DAttack: Backdoor Attacks in the 6DoF Pose Estimation
Deep learning advances have enabled accurate six-degree-of-freedom 6DoF object pose estimation, widely used in robotics, AR/VR, and autonomous systems. However, backdoor attacks pose significant security risks. While most research focuses on 2D vision, 6DoF pose estimation remains largely...
Malicious code in tailwind-variables (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50a9b7a9c02e83e0b4145dc9caaa9d04b407a199ae5d54b9f544f91397980966 The package tailwind-variables was found to contain malicious code. Source: ghsa-malware...
CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF
The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...
PT-2025-44268
Name of the Vulnerable Software and Affected Versions Keras affected versions not specified Description The Keras Model.load model method is susceptible to arbitrary local file loading and Server-Side Request Forgery SSRF, even when safe mode=True is enabled. This issue arises from the handling o...
EUVD-2023-50456
Malicious code in bioql PyPI...
EUVD-2025-21893
Malicious code in bioql PyPI...
CVE-2025-9983
GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not respond in any way. Only...