Astra Linux - vulnerability in pgagent
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator was used when generating the directory name, which allows a local attacker to pre-create the directory a...
Missing Authentication for Critical Function
Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the FastAPI...
EUVD-2026-18809
In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled (MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true) and any j...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the FastAPI endpoints under /ajax-api/3.0/jobs/ when the basic-auth app is enabled. An attacker can gain unauthorized access to submit, read, search, and cancel jobs by sending network...
GHSA-7QHF-V65M-G5F3 mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization
In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled (MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true) and any j...
PT-2026-30198
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow (affected versions not specified). Description: The FastAPI job endpoints under /ajax-api/3.0/jobs/ in mlflow/mlflow are not protected by authentication or authorization when the basic-auth app is enabled. If job execution is enabled...
Extensis Portfolio Manager 4.0.1 Shell Upload
This Metasploit module exploits multiple vulnerabilities in Extensis Portfolio Server to achieve remote code execution. It leverages CVE-2022-24251 and related issues to upload a JSP webshell and execute arbitrary commands. Version 4.0.1 is affected...
CVE-2023-40061
Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result...
Missing Authorization
PowerJob is vulnerable to Missing Authorization. The vulnerability is due to insufficient authorization checks in the /openApi/runJob endpoint of OpenAPIController, allowing remote attackers to invoke job execution without proper authentication or authorization...
EUVD-2013-4208
Malware in sbrugna...
EUVD-2008-3812
Malware in sbrugna...
EUVD-2014-2659
Malware in sbrugna...
EUVD-2015-5038
Malware in sbrugna...
EUVD-2023-54548
Malicious code in bioql PyPI...
EUVD-2024-47662
Malicious code in bioql PyPI...
EUVD-2022-6909
Malicious code in bioql PyPI...
EUVD-2023-44668
Malicious code in bioql PyPI...
EUVD-2023-44558
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-41801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run,...
CVE-2025-22236
Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...