CVE-2026-0234 Cortex XSOAR: Improper Verification of Cryptographic Signature in Microsoft Teams integration

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the MCP integration, which inherited complete environment variables when executing commands provid...

GHSA-MR6Q-RP88-FX84 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Summary The @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel's platform-level path restrictions entirel...

CVE-2025-47699

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...

CVE-2025-47699

CVE-2025-47699 affects Gallagher Command Centre Server via the Morpho integration. Root cause: Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497). Affected versions: 9.30 before 9.30.2482 (MR2), 9.20 before 9.20.2819 (MR4), 9.10 before 9.10.3672 (MR7), 9.00 befor...

EUVD-2019-8355

Malware in sbrugna...

EUVD-2019-0284

Malware in sbrugna...

EUVD-2022-15337

Malicious code in bioql PyPI...

EUVD-2024-34029

Malicious code in bioql PyPI...

EUVD-2024-35026

Malicious code in bioql PyPI...

EUVD-2025-7828

Malicious code in bioql PyPI...

CVE-2025-7696 Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function

The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verifyfieldval function. This makes it possible for...

CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

CVE-2025-4659

The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web...

CVE-2024-47881

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

...

CVE-2024-45847

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...

IBM InfoSphere Information Server Server Side Request Forgery Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server has a server-side request forgery vulnerability that can be...

testing discord integration

Lines of code L1 Vulnerability details TEST --- The text was updated successfully, but these errors were encountered: All reactions...

UBUNTU-CVE-2022-2499

An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited b...