29 matches found
GHSA-M23H-6MWM-39M8 Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation
Summary: A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...
CVE-2026-32684
The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information...
ILM Informatique OpenConcerto security vulnerability
ILM Informatique OpenConcerto is a business management software suite developed by the French company ILM Informatique. Version 1.7.5 of ILM Informatique OpenConcerto contains a security vulnerability, which stems from improper allocation of permissions for critical resources, potentially leading...
Security Bulletin: IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability (CVE-2026-6389)
Summary: IBM Turbonomic Prometurbo is an agent used by IBM Turbonomic Application Resource Management to integrate with Prometheus to collect application metrics and send them to Turbonomic for analysis and generation of optimization plans. A security vulnerability has been addressed in the IBM...
uutils coreutils security vulnerability
uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from incorrect behavior when the real UID and the effective UID differ. This could lead to automated scripts or system administrators making...
CVE-2026-21641
HackerOne community member Jad Ghamloush (0xjad) has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...
CVE-2025-64529 SpiceDB's WriteRelationships fails silently if payload is too big
SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions prior to 1.45.2, users who use the exclusion operator somewhere in their authorization schema; have configured their SpiceDB server such that...
EUVD-2019-6652
Malware in sbrugna...
EUVD-2016-7416
Malware in sbrugna...
EUVD-2006-6663
Malware in sbrugna...
EUVD-2024-36868
Malicious code in bioql PyPI...
EUVD-2022-5367
Malicious code in bioql PyPI...
EUVD-2024-0007
Malicious code in bioql PyPI...
EUVD-2025-19199
Malicious code in bioql PyPI...
EUVD-2024-2780
Malicious code in bioql PyPI...
EUVD-2021-28354
Malicious code in bioql PyPI...
EUVD-2024-3541
Malicious code in bioql PyPI...
CVE-2025-9137
A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduledevents.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The...
Linux Distros Unpatched Vulnerability : CVE-2025-32802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root...
PT-2025-22332
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There are several OS command injection vulnerabilities in the device firmware, specifically in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic...