6 matches found
PT-2025-46788
Name of the Vulnerable Software and Affected Versions: GitLab versions 3.1 through 7.7. Description: Multiple vulnerabilities exist in GitLab CE and EE, including Cross-Site Scripting (XSS), Information Disclosure, and Prompt Injection. These issues could potentially lead to a compromise of systems. A...
EUVD-2025-8756
Malicious code in bioql PyPI...
CVE-2025-27095
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server...
CVE-2025-27095
CVE-2025-27095 (JumpServer) affects JumpServer, an open source bastion host/O&M security audit system. Before versions 4.8.0 and 3.10.18, a low-privilege user can access the Kubernetes session feature and modify the kubeconfig file to redirect API requests to an attacker-controlled external serve...
PT-2025-13783
Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 4.8.0; JumpServer versions prior to 3.10.18. Description: The issue allows an attacker with a low-privileged account to access the Kubernetes session feature and manipulate the kubeconfig file. This manipulation enabl...
JumpServer Security Vulnerability
JumpServer is an open source bastion host from Feizhiyun Information Technology, based in Hangzhou, China. A security vulnerability exists in JumpServer versions prior to 4.8.0 and 3.10.18, which stems from a low-privileged account that can access the Kubernetes session function and...