30 matches found
BIT-MLFLOW-2026-2734 Authorization Bypass in SearchModelVersions in mlflow/mlflow
In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...
CVE-2025-62413
MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message payload rendering. Malicious payloads containing HTML or JavaScript could be rendered directly in the MQTTX message viewer. ...
EUVD-2018-20007
Malware in sbrugna...
Docker Engine < 25.0.13 / 26.0 < 28.0.0 Network Isolation Failure
The version of the Docker Engine (Moby) installed on the remote host is prior to 23.0.15 or 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on th...
CVE-2025-54410
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2025-24514, CVE-2025-1097, CVE-2025-1098)
Summary: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities where a user that can create or update Ingress objects can use the nginx.ingress.kubernetes.io/auth-url annotation (CVE-2025-24514) or the nginx.ingress.kubernetes.io/auth-tls-match-cn...
Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers
A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0...
Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments
Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local...
Ingress nginx annotation injection causes arbitrary command execution
Issue Details: A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation on an Ingress object in the networking.k8s.io or extensions API group can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx...
PT-2023-6562
Name of the Vulnerable Software and Affected Versions: Intel Processors (affected versions not specified). Description: A sequence of processor instructions can lead to unexpected behavior in some Intel processors, potentially allowing an authenticated user to enable escalation of privilege, informati...
Information disclosure
An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3....
CVE-2018-8360
The CVE-2018-8360 entry describes an information-disclosure vulnerability in Microsoft .NET Framework that could allow access to information in multi-tenant environments. Affected products include multiple .NET Framework versions (3.0/3.5/3.5.1/4.5.2/4.6.x/4.7/4.7.1/4.7.2, 2.0, and 4.6/4.6.1/4.6....
Microsoft .NET Framework Information Disclosure Vulnerability (KB4344146)
This host is missing an important security update according to Microsoft KB4344146. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft .NET Framework Information Disclosure Vulnerability (KB4344152)
This host is missing an important security update according to Microsoft KB4344152. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft .NET Framework Multiple Vulnerabilities (KB4344147)
This host is missing an important security update according to Microsoft KB4344147. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft .NET Framework Information Disclosure Vulnerability (KB4344149)
This host is missing an important security update according to Microsoft KB4344149. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Description of the Security Only update for .NET Framework 4.5.2 for Windows Server 2012 (KB 4344172)
Description of the Security Only update for .NET Framework 4.5.2 for Windows Server 2012 (KB 4344172). Summary: This security update resolves an information disclosure vulnerability in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The...
Description of the Security Only update for .NET Framework 4.5.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4344171)
Description of the Security Only update for .NET Framework 4.5.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4344171). Summary: This security update resolves an information disclosure vulnerability in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant...
Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1, and for .NET Framework 4.6 for Server 2008 SP2 (KB 4344167)
Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1, and for .NET Framework 4.6 for Server 2008 SP2 (KB 4344167). Summary: This security update resolves an information disclosure vulnerability in Microsoft .NET...
Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2012 (KB 4344148)
Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2012 (KB 4344148). Summary: This update resolves an information disclosure vulnerability in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The...