CVE-2026-32613

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

CVE-2026-39842 OpenRemote is Vulnerable to Expression Injection

OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...

Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation

Overview Wolfram Cloud version 14.2 allows Java Virtual Machine JVM unrestricted access to temporary resources in the /tmp/ directory of the cloud environment which may result in privilege escalation, information exfiltration, and remote code execution. In the same cloud instance, temporary...

EUVD-2023-35752

Malicious code in bioql PyPI...