Lucene search

40 matches found

Positive Technologies • added 6 days ago • 5 views

PT-2026-45052

Summary CVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generate api server code that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that:...

9.8 CVSS, 6.2 AI score, 0.00029 EPSS
Exploits: 3, References: 4

OSV • added 2026/05/19 9:3 p.m. • 2 views

CLSA-2026-1779224622 samba: Fix of CVE-2023-4091

CVE-2023-4091: fix openfile access check that allowed a client with read-only share access to truncate files via SMB2 OVERWRITE; the access check now uses openaccessmask instead of the requested accessmask...

6.5 CVSS, 6.8 AI score, 0.00438 EPSS
Exploits: 0, References: 1

Packet Storm News • added 2026/04/08 12:0 a.m. • 6 views

VulGD: A LLM-Powered Dynamic Open-Access Vulnerability Graph Database

Software vulnerabilities continue to pose significant threats to modern information systems, requiring a timely and accurate risk assessment. Public repositories, such as the National Vulnerability Database and CVE details, are regularly updated, but predominantly utilize relational data models...

5.9 AI score
Exploits: 0

ATTACKERKB • added 2026/04/07 8:46 p.m. • 4 views

CVE-2026-33439

Open Access Management OpenAM is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution RCE via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream...

10 CVSS, 7.7 AI score, 0.94386 EPSS
Exploits: 10, References: 2, Affected Software: 1

NVD • added 2025/12/24 8:15 p.m. • 1 views

CVE-2019-25242

FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by...

5.1 CVSS, 0.00029 EPSS
Exploits: 2, References: 3

CVE • added 2025/11/19 3:46 p.m. • 16 views

CVE-2025-10702

CVE-2025-10702 is a code-injection vulnerability in Progress DataDirect JDBC family (DataDirect Connect for JDBC, OpenAccess JDBC, and Hybrid Data Pipeline). The issue centers on the SpyAttribute connection option, which can be used with an undocumented syntax to load an arbitrary class on the cl...

8.6 CVSS, 6.8 AI score, 0.00111 EPSS
Exploits: 0, References: 1

OSV • added 2025/11/12 6:57 p.m. • 1 views

CVE-2025-64099 OpenAM allows use of arbitrary OIDC requested claims values in id_token and user_info

Open Access Management OpenAM is an access management solution. In versions prior to 16.0.0, if the "claimsparametersupported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the idtoken or ...

9.3 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits: 0, References: 3

Packet Storm News • added 2025/10/31 12:0 a.m. • 2 views

MH-1M: A 1.34 Million-Sample Comprehensive Multi-Feature Android Malware Dataset for Machine Learning, Deep Learning, Large Language Models, and Threat Intelligence Research

We present MH-1M, one of the most comprehensive and up-to-date datasets for advanced Android malware research. The dataset comprises 1,340,515 applications, encompassing a wide range of features and extensive metadata. To ensure accurate malware classification, we employ the VirusTotal API,...

6.9 AI score
Exploits: 0

EUVD • added 2025/10/07 12:30 a.m. • 1 views

EUVD-2021-19639

Malware in sbrugna...

5.3 CVSS, 5.2 AI score, 0.04407 EPSS
Exploits: 0, References: 12

EUVD • added 2025/10/07 12:30 a.m. • 2 views

EUVD-2020-2743

Malware in sbrugna...

9.8 CVSS, 9.5 AI score, 0.00363 EPSS
Exploits: 0, References: 2

EUVD • added 2025/10/03 8:7 p.m. • 1 views

EUVD-2023-1953

Malicious code in bioql PyPI...

9.8 CVSS, 9.3 AI score, 0.01608 EPSS
Exploits: 0, References: 5

Positive Technologies • added 2025/09/22 12:0 a.m. • 1 views

PT-2025-38919

Name of the Vulnerable Software and Affected Versions Jonathan Brinley DOAJ Export versions through 1.0.4 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Stored Cross-Site Scripting XSS. This allows an attacker...

5.9 CVSS, 5.6 AI score, 0.0003 EPSS
Exploits: 0, References: 3

Tenable Nessus • added 2025/08/27 12:0 a.m. • 0 views

Linux Distros Unpatched Vulnerability : CVE-2021-32917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the...

5.3 CVSS, 6.1 AI score, 0.04407 EPSS
Exploits: 0, References: 2

Packet Storm • added 2025/04/07 12:0 a.m. • 255 views

Kemal Framework 1.6.0 Path Traversal

Kemal Framework version 1.6.0 suffers from a path traversal vulnerability. Exploit Title: Kemal Framework 1.6.0 - Path Traversal Discovered by: Ahmet Ümit BAYRAM Discovered Date: 04.04.2025 Vendor Homepage: https://github.com/kemalcr Software Link:...

7 AI score
Exploits: 0

CNNVD • added 2025/03/18 12:0 a.m. • 1 views

yimioa security vulnerability

yimioa CloudNet OA is a locally deployed OA software by rabbit individual developers. A security vulnerability exists in yimioa versions prior to v2024.07.04, which stems from an SQL injection in the listNameBySql method...

6.1 CVSS, 7.7 AI score, 0.00052 EPSS
Exploits: 1, References: 2

CNNVD • added 2025/02/12 12:0 a.m. • 1 views

yimioa security vulnerability

yimioa CloudNet OA is a locally deployed OA software by rabbit individual developers. A security vulnerability exists in yimioa version 2024.07.03 and prior versions, which stems from an improper authorization issue in /oa/setup/setup.jsp...

9.8 CVSS, 5.5 AI score, 0.00178 EPSS
Exploits: 1, References: 4

NVD • added 2023/07/20 5:15 p.m. • 14 views

CVE-2023-37471

Open Access Management OpenAM is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-...

9.8 CVSS, 9.3 AI score, 0.01608 EPSS
Exploits: 0, References: 3

Prion • added 2023/07/20 5:15 p.m. • 10 views

Authentication flaw

Open Access Management OpenAM is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-...

7.5 CVSS, 9.4 AI score, 0.01608 EPSS
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment • added 2023/07/20 4:53 p.m. • 8 views

CVE-2023-37471 User impersonation using SAMLv1.x SSO in Open Access Management

Open Access Management OpenAM is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-...

9.1 CVSS, 6.7 AI score, 0.01608 EPSS
Exploits: 0, References: 3

Cvelist • added 2023/07/20 4:53 p.m. • 14 views

CVE-2023-37471 User impersonation using SAMLv1.x SSO in Open Access Management

Open Access Management OpenAM is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-...

9.1 CVSS, 9.7 AI score, 0.01608 EPSS
Exploits: 0, References: 3