
12 matches found

ATTACKERKB
added 2026/04/20 6:45 a.m. | 0 views

CVE-2026-6614

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...

CVSS 6.5 | AI score 5.3 | EPSS 0.00216
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/02/24 3:16 a.m. | 3 views

CVE-2026-3057

A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 5
EUVD
added 2026/02/24 2:2 a.m. | 4 views

EUVD-2026-7410

A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...

CVSS 6.5 | AI score 6.3 | EPSS 0.00531
Exploits: 1 | References: 5
Vulnrichment
added 2026/02/24 2:2 a.m. | 2 views

CVE-2026-3057 a54552239 pearProjectApi Backend Task.php dateTotalForProject sql injection

A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...

CVSS 6.5 | AI score 5.3 | EPSS 0.00531
Exploits: 1 | References: 5
CVE
added 2026/02/24 2:2 a.m. | 9 views

CVE-2026-3057

CVE-2026-3057 affects the a54552239 pearProjectApi, specifically the Backend Interface component. The vulnerability resides in the function dateTotalForProject in application/common/Model/Task.php, where manipulating the projectCode argument leads to a SQL injection. The issue can be exploited re...

CVSS 9.8 | AI score 6.5 | EPSS 0.00531
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-26875

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 6.6 | EPSS 0.04518
Exploits: 1 | References: 2
OSV
added 2025/09/08 2:13 p.m. | 3 views

GO-2025-3934 Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd

Argo CD's Project API Token Exposes Repository Credentials in github.com/argoproj/argo-cd...

CVSS 9.9 | AI score 6.8 | EPSS 0.04518
Exploits: 1 | References: 3
Veracode
added 2024/02/07 7:34 a.m. | 33 views

Insecure Deserialisation

clearml is vulnerable to Insecure Deserialisation. The vulnerability is due to Deserialisation of untrusted data. An attacker can upload a malicious pickle file via the project API to run arbitrary code on an end user's system...

CVSS 8.8 | AI score 7.2 | EPSS 0.02452
Exploits: 9 | References: 2 | Affected Software: 1
Prion
added 2023/09/01 11:15 a.m. | 27 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances...

CVSS 5 | AI score 7.2 | EPSS 0.00612
Exploits: 0 | References: 1 | Affected Software: 1
The Hacker News
added 2023/01/05 9:12 a.m. | 27 views

CircleCI Urges Customers to Rotate Secrets Following Security Incident

DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. The company said an investigation is currently ongoing, but emphasized that "there are no unauthorized actors active in our systems." Additional details are expected t...

AI score 1
Exploits: 0
Tenable Nessus
added 2019/12/03 12:0 a.m. | 36 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (1aa7a094-1147-11ea-b537-001b217b3468)

Gitlab reports : Path traversal with potential remote code execution Private objects exposed through project import Disclosure of notes via Elasticsearch integration Disclosure of comments via Elasticsearch integration DNS Rebind SSRF in various chat notifications Disclosure of vulnerability stat...

CVSS 9.8 | AI score 5.7 | EPSS 0.01656
Exploits: 0 | References: 21
FreeBSD
added 2019/11/27 12:0 a.m. | 68 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Path traversal with potential remote code execution Private objects exposed through project import Disclosure of notes via Elasticsearch integration Disclosure of comments via Elasticsearch integration DNS Rebind SSRF in various chat notifications Disclosure of vulnerability statu...

CVSS 9.8 | AI score 3.1 | EPSS 0.01656
Exploits: 0 | References: 1