181 matches found
GHSA-CHQV-56WV-7564 Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
Summary: A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook tha...
CVE-2026-46427
Budibase prior to 3.38.3 exposes Snowflake private keys via the datasource API. The removeSecrets filter masks only datasource config fields with schema type DatasourceFieldType.PASSWORD; Snowflake integration marks privateKey as SENSITIVE_LONGFORM, which is not filtered, allowing a BASIC-authent...
Apache Apisix security vulnerability
Apache APISIX is a cloud-native microservices API gateway service provided by the Apache Foundation in the United States. This software is implemented based on OpenResty and etcd, featuring dynamic routing and hot loading of plugins. It is suitable for API management within microservice systems...
CVE-2026-39943
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directus_revisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
PT-2026-31649
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directus_revisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
IBM Sterling Partner Engagement Manager security vulnerability
IBM Sterling Partner Engagement Manager is an automated management tool provided by IBM Corporation. Versions of IBM Sterling Partner Engagement Manager prior to 6.2.3.5 and 6.2.4.2 contain security vulnerabilities. These vulnerabilities stem from the possibility of sensitive information being...
CVE-2025-69969
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...
Gallagher Command Centre Mobile Client security vulnerability
Gallagher Command Centre Mobile Client is a mobile application developed by the New Zealand-based company Gallagher. Versions of Gallagher Command Centre Mobile Client prior to version 9.40.123 contained security vulnerabilities. These vulnerabilities stemmed from the storage of sensitive...
Dell ECS and Dell ObjectScale security vulnerabilities
Dell ECS and Dell ObjectScale are both products of the American company Dell. Dell ECS is a scalable, manageable, and elastic enterprise-level object storage solution. Dell ObjectScale is an object storage platform. There are security vulnerabilities in versions 3.8.1.0 to 3.8.1.7 of Dell ECS, a...
Dell ECS security vulnerabilities
Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.8.1.0 to 3.8.1.7 of Dell ECS, as well as versions prior to 4.2.0.0 of Dell ObjectScale, have security vulnerabilities. These vulnerabilities stem from the transmission of sensitive information in...
hermes log information disclosure vulnerability
Hermes is a workflow platform open-sourced by Automated Software Metadata Publication. A log information disclosure vulnerability exists in hermes version 0.8.1 through versions prior to 0.9.1, which stems from the hermes subcommand logging arbitrary options in raw form under the -O parameter,...
EUVD-2019-8938
Malware in sbrugna...
EUVD-2011-1217
Malware in sbrugna...
EUVD-2017-16342
Malware in sbrugna...
EUVD-2015-5940
Malware in sbrugna...
EUVD-2017-14735
Malware in sbrugna...
EUVD-2024-27324
Malicious code in bioql PyPI...
EUVD-2023-34981
Malicious code in bioql PyPI...
CVE-2025-10227
Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...
CVE-2025-10227 Lack of Encryption in Object Archive in AxxonSoft Axxon One (C-Werk) before 2.0.8
Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at...