61 matches found
CVE-2026-21851
MONAI has a Path Traversal (Zip Slip) vulnerability in its NGC private bundle download path. In MONAI
CVE-2026-21851 MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's _download_from_ngc_private function. The function uses zipfile.ZipFile.extractall without path validation, while other similar...
EUVD-2026-1039
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's _download_from_ngc_private function. The function uses zipfile.ZipFile.extractall without path validation, while other similar...
PT-2026-2101
Name of the Vulnerable Software and Affected Versions: MONAI versions up to and including 1.5.1. Description: MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. A Path Traversal (Zip Slip) issue exists in the _download_from_ngc_private function. This function utilizes...
MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
Summary: A Path Traversal (Zip Slip) vulnerability exists in MONAI's _download_from_ngc_private function. The function uses zipfile.ZipFile.extractall without path validation, while other similar download functions in the same codebase properly use the existing safe_extract_member function. This appears t...
EUVD-2023-40613
Malicious code in bioql PyPI...
EUVD-2023-40612
Malicious code in bioql PyPI...
EUVD-2025-14249
Malicious code in bioql PyPI...
EUVD-2025-14325
Malicious code in bioql PyPI...
EUVD-2025-14326
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-ngc (npm)
The package @zalastax/nolb-ngc was found to contain malicious code...
MAL-2025-12504 Malicious code in @zalastax/nolb-ngc (npm)
The package @zalastax/nolb-ngc was found to contain malicious code...
Friday Squid Blogging: NGC 1068 Is the “Squid Galaxy”
I hadn't known that the NGC 1068 galaxy is nicknamed the "Squid Galaxy." It is, and it's spewing neutrinos without the usual accompanying gamma rays. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...
CVE-2023-36670
A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device...
CVE-2025-4528
A weakness has been identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknown function. Executing a manipulation can lead to session expiration. The attack can be launched remotely. Upgrading to version 3.48.22 mitigates this issue. It is recommended to upgrade the affecte...
CVE-2025-4527
A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulation results in client-side enforcement of server-side security. The attack can be initiated remotely...
CVE-2025-4526
A vulnerability was identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. The affected element is an unknown function of the component Configuration Page. Such manipulation leads to missing password field masking. It is possible to launch the attack remotely. Upgrading to version 3.48.22 is...
CVE-2025-4528
A vulnerability was found in Dígitro NGC Explorer up to 3.44.15 and classified as problematic. This issue affects some unknown processing. The manipulation leads to session expiration. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond i...