Anyscale Ray - Remote Code Execution

Anyscale Ray 2.6.3 and 2.8.0 contain a remote code execution vulnerability due to insecure job submission API, allowing attackers to execute arbitrary code remotely if they have network access to the Ray Dashboard API. id: CVE-2023-48022 info: name: Anyscale Ray - Remote Code Execution author:...

EUVD-2026-31865

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...

CVE-2026-2264 Server-Side Request Forgery and Credential Exfiltration in Google Cloud Apigee via SetIntegrationRequest Policy.

A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery SSRF and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API...

PT-2026-43276

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description The software exposes a gRPC API server on port 50052 that lacks an authentication mechanism. The server is initialized using grpc::InsecureServerCredentials, allowing any user...

CVE-2026-44263

Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. This issue has been patched in version 5.17.1...

Meesho Online Shopping 加密问题漏洞

Meesho Online Shopping is an e-commerce system developed by the Meesho company. Versions of Meesho Online Shopping prior to 27.3 contained a security vulnerability related to encrypted data handling. This vulnerability stemmed from incorrect operations with files and API endpoints, potentially...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.90 contained security vulnerabilities. These vulnerabilities stemmed from the passthrough and apassthrough functions accepting an apibase parameter controlled by the caller...

CVE-2026-33530

The CVE affects InvenTree prior to version 1.2.6, where bulk data API endpoints (e.g., /api/part/, /api/stock/, /api/order/so/allocation/, etc.) accept a filters parameter that is passed directly to Django queryset.filter(**filters) without any field allowlisting. This allows an authenticated use...

Jenkins LoadNinja Plugin 安全漏洞

The Jenkins LoadNinja Plugin is an open-source plugin developed by Jenkins. The Jenkins LoadNinja Plugin versions 2.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the insecure storage of API keys, which may lead to credential leaks...

CVE-2026-22251

The CVE-2026-22251 entry concerns the wlc Weblate command-line client. Before version 1.17.0, wlc allowed unscoped API keys to be stored in settings, a practice that could enable an API key to be leaked to different servers. Public advisories from Debian/Ubuntu/OSV reflect this issue and referenc...

CVE-2025-3654

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...

CVE-2025-3654

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...

CVE-2025-3654

Petlibro Smart Pet Feeder Platform (vulnerable up to 1.7.31) exposes an information disclosure via insecure API endpoint /device/devicePetRelation/getBoundDevices. Attackers can retrieve device hardware identifiers (serial numbers, MAC addresses) by supplying a pet ID, potentially enabling unauth...

CVE-2025-3654 Petlibro Smart Pet Feeder Platform through 1.7.31 Information Disclosure via API endpoint

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...

PT-2026-1182

Name of the Vulnerable Software and Affected Versions Petlibro Smart Pet Feeder Platform versions up to 1.7.31 Description The Petlibro Smart Pet Feeder Platform is affected by an information disclosure issue. This allows unauthorized access to device hardware information. An attacker can obtain...

CVE-2025-8850

In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication 2FA flow. The system allows users to disable 2FA without requiring a valid OTP or backup code, bypassing the intended verification process. This vulnerability occurs because the backend do...

EUVD-2020-18732

Malware in sbrugna...

EUVD-2021-17133

Malware in sbrugna...

EUVD-2019-13317

Malware in sbrugna...

EUVD-2024-2636

Malicious code in bioql PyPI...