12878 matches found
Malicious Package
Overview @cloudplatform-single-spa/profile is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious Package
Overview @car-loans/close-flow-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @cloudplatform-single-spa/billing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
EUVD-2026-33492
A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...
CVE-2026-10172 Bdtask Multi-Store Inventory Management System Component Module.php upload unrestricted upload
A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...
CVE-2026-10172 Bdtask Multi-Store Inventory Management System Component Module.php upload unrestricted upload
A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...
EUVD-2026-33475
A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accountsreportsearch of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument dtpToDat...
PT-2026-45176
A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...
Bdtask Multi-Store Inventory Management System 代码问题漏洞
Bdtask Multi-Store Inventory Management System is an inventory management system for multiple stores developed by the Bangladeshi company Bdtask. Version 1.0 of the Bdtask Multi-Store Inventory Management System has code vulnerabilities. These vulnerabilities stem from the parameter module in the...
CVE-2026-10155 Bdtask Multi-Store Inventory Management System Accounts Report Accounts.php accounts_report_search sql injection
A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accountsreportsearch of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument dtpToDat...
CVE-2026-10155
The CVE-2026-10155 describes a SQL injection in Bdtask Multi-Store Inventory Management System 1.0, specifically in accounts_report_search (application/modules/accounts/controllers/Accounts.php of Accounts Report Handler). The vulnerability is triggered by manipulating the argument dtpToDate, ena...
[SECURITY] Fedora 43 Update: docker-compose-5.1.4-1.fc43
Define and run multi-container applications with Docker...
PT-2026-45141
A vulnerability was found in Bdtask Multi-Store Inventory Management System 1.0. The impacted element is the function accounts report search of the file application/modules/accounts/controllers/Accounts.php of the component Accounts Report Handler. Performing a manipulation of the argument...
Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety
Current approaches to LLM adversarial testing suffer from coverage gaps: manual red-teaming does not scale, LLM-as-attacker methods exhibit mode collapse, and gradient-based approaches produce uninterpretable gibberish. We introduce a quality-diversity evolutionary framework that operates at the...
praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership
Summary Type: Insecure Direct Object Reference. The GET /workspaces/workspaceid/issues/issueid/activity endpoint is gated by requireworkspacememberworkspaceid and dispatches to ActivityService.listforissueissueid, which executes SELECT FROM activity WHERE issueid = :issueid with no workspace...
CVE-2026-9091
Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...
CVE-2026-44697 Klever-Go MultiDataInterceptor: remote OOM via crafted compressed P2P payload
Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on...
CVE-2026-45707
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLEMULTITENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that...
CVE-2026-45707
n8n-MCP vulnerability CVE-2026-45707 affects HTTP-mode multi-tenant deployments. Before v2.51.2, when ENABLE_MULTI_TENANT=true, per-request target n8n instance is chosen via x-n8n-url/x-n8n-key headers; omitting or partially omitting these headers caused requests to fall back to the operator’s pr...
CVE-2026-45707 n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLEMULTITENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that...