40 matches found

CVE
added 6 days ago · 15 views

CVE-2026-45043

RustFS vulnerability CVE-2026-45043: prior to 1.0.0-beta.2, improper validation in PUT /rustfs/admin/v3/import-iam lets a user with ImportIAMAction create service accounts under arbitrary parents, including minioadmin, by submitting attacker-controlled parent, claims, accessKey and secretKey. Thi...

CVSS 9.3 · AI score 6 · EPSS 0.00038
Exploits: 0 · References: 1

Tenable Nessus
added 2026/05/25 12:0 a.m. · 9 views

Fedora 44 : python3.15 (2026-2ee2d7abd5)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2ee2d7abd5 advisory. New prerelease of Python 3.15 with several CVE fixes Tenable has extracted the preceding description block directly from the Fedora security advisor...

CVSS 9.1 · AI score 7.1 · EPSS 0.00164
Exploits: 0 · References: 6

Tenable Nessus
added 2026/05/25 12:0 a.m. · 7 views

Fedora 43 : python3.15 (2026-e2ada1fa1e)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e2ada1fa1e advisory. New prerelease of Python 3.15, containing fixes to a few CVEs. Tenable has extracted the preceding description block directly from the Fedora securi...

CVSS 9.1 · AI score 5.8 · EPSS 0.00164
Exploits: 0 · References: 6

RedhatCVE
added 2026/01/31 3:19 a.m. · 2 views

CVE-2026-25126

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...

CVSS 7.1 · AI score 6 · EPSS 0.00025
Exploits: 2 · References: 1

NVD
added 2026/01/29 10:15 p.m. · 4 views

CVE-2026-25126

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...

CVSS 7.1 · EPSS 0.00025
Exploits: 2 · References: 2

ATTACKERKB
added 2026/01/29 10:6 p.m. · 4 views

CVE-2026-25126

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...

CVSS 7.1 · AI score 6 · EPSS 0.00025
Exploits: 2 · References: 3 · Affected Software: 1

EUVD
added 2026/01/29 10:6 p.m. · 2 views

EUVD-2026-4937

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...

CVSS 7.1 · AI score 6 · EPSS 0.00025
Exploits: 2 · References: 2

CNNVD
added 2025/12/05 12:0 a.m. · 2 views

BACnet Stack buffer error vulnerability

BACnet Stack is a BACnet open source protocol stack C library for embedded systems, Linux, MacOS, BSD and Windows. A buffer error vulnerability exists in BACnet Stack versions prior to 1.5.0.rc2, which stems from the npduisexpectedreply function failing to validate the presence of an APDU byte,...

CVSS 7.5 · AI score 6.5 · EPSS 0.00084
Exploits: 1 · References: 3

CNNVD
added 2025/11/29 12:0 a.m. · 1 views

LibreChat code issue vulnerability

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. A code issue vulnerability exists in versions prior to LibreChat 0.8.1-rc2 that stems from a server-side request forgery in the Actions feature, which could lead to server impersonation...

CVSS 8.6 · AI score 6.8 · EPSS 0.00066
Exploits: 1 · References: 2

CVE
added 2025/10/09 4:11 p.m. · 5 views

CVE-2025-59989

CVE-2025-59989 affects Juniper Networks Junos Space prior to version 24.1R4. The issue is an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) on the Device Discovery page, allowing an attacker to inject script tags which, when viewed by another user, can execute ...

CVSS 6.1 · AI score 6.5 · EPSS 0.00035
Exploits: 0 · References: 1 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2005-4125

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.01734
Exploits: 0 · References: 2

OSV
added 2025/08/05 11:35 p.m. · 2 views

CVE-2025-54876 Jans CLI stores plaintext passwords in the local cli_cmd.log file

The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease...

CVSS 6.9 · AI score 6.6 · EPSS 0.00125
Exploits: 0 · References: 6

NVD
added 2024/07/18 11:15 p.m. · 11 views

CVE-2024-41111

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...

CVSS 7.2 · EPSS 0.00227
Exploits: 0 · References: 5

Positive Technologies
added 2024/07/18 12:0 a.m. · 2 views

PT-2024-29267 · Sliver · Sliver

Name of the Vulnerable Software and Affected Versions: Sliver version 1.6.0 prerelease Sliver versions prior to 1.6.0 Description: Sliver is an open source cross-platform adversary emulation/red team framework that can be used by organizations of all sizes to perform security testing. It is...

CVSS 8.7 · AI score 7.8 · EPSS 0.00227
Exploits: 0 · References: 15

Positive Technologies
added 2023/04/12 12:0 a.m. · 2 views

PT-2023-22203 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 14.9-rc-1 Description: The issue arises from the lack of checks on the author of a JavaScript xobject or StyleSheet xobject added to a XWiki document. This allowed a user with only Edit Right to create such an object a...

CVSS 9 · AI score 5.2 · EPSS 0.04422
Exploits: 1 · References: 11

OSSF Malicious Packages
added 2022/06/20 7:27 a.m. · 2 views

Malicious code in prerelease-registry (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9616f1565493e2eca538eb780a3858bba8eba8137467ce81fa87a45eea341072 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1

CNNVD
added 2022/04/14 12:0 a.m. · 1 views

DisCatSharp information disclosure vulnerability

DisCatSharp is a lovely wrapper for the Discord API. An information disclosure vulnerability exists in DisCatSharp versions 9.8.5, 9.8.6, 9.9.0, and 10.0.0 pre-release, which stems from the use of two RequireDisCatSharpDeveloperAttribute or BaseDiscordClient. One of the LibraryDeveloperTeam sends...

CVSS 6.5 · AI score 6.5 · EPSS 0.00314
Exploits: 0 · References: 2

OSV
added 2020/11/09 2:21 p.m. · 16 views

GHSA-J977-G5VJ-J27G Cross-Site Scripting in scratch-svg-renderer

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function...

CVSS 9.6 · AI score 9.2 · EPSS 0.06179
Exploits: 3 · References: 3

OSV
added 2020/01/22 1:15 p.m. · 0 views

CVE-2018-16268

The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based...

CVSS 4.3 · AI score 5.9 · EPSS 0.00179
Exploits: 0 · References: 3

OSV
added 2019/11/26 3:15 p.m. · 0 views

PYSEC-2019-131

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

CVSS 7.5 · AI score 7.1 · EPSS 0.0136
Exploits: 0 · References: 7