1698 matches found
PT-2026-46188
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...
PT-2026-46189
Name of the Vulnerable Software and Affected Versions MLflow versions prior to 3.10.1 Description A flaw in the Dataset Digest Computation component allows the use of a weak hash. This issue occurs within the mlflow.data.digest utils function located in the mlflow/data/digest utils.py file. An...
EUVD-2026-34177
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
Gogs Git Rebase Argument Injection RCE
This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...
CVE-2026-10705
A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...
📄 Gogs Git Rebase Argument Injection / Remote Code Execution
This Metasploit module exploits an argument injection vulnerability in the pull request merge flow of Gogs versions less than or equal to 0.14.2 and less than or equal to 0.15.0+dev. frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2026-10565
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmmstatesecuritymode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack...
EUVD-2026-33871
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmmstatesecuritymode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack...
PT-2026-45683
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm state security mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an...
CVE-2026-10300
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...
CVE-2026-45131
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...
CVE-2026-45131
CloudPirates Open Source Helm Charts are affected by a vulnerability in the GitHub Actions pull-request.yaml workflow where attacker-controlled code from fork pull requests could run in a privileged context, exposing repository secrets (e.g., Docker Hub credentials/tokens). The issue precedes com...
CVE-2026-45131 CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...
CVE-2026-45131 CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...
EUVD-2026-33666
CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...
PYSEC-2026-184
Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...
PYSEC-2026-184
Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...
PT-2026-45663
A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora path leads to reachable assertion. The attack can be launched...
PT-2026-45467
Name of the Vulnerable Software and Affected Versions CloudPirates Open Source Helm Charts versions prior to commit fcf9302 Description A GitHub Actions workflow in the pull-request.yaml file executes attacker-controlled code from fork pull requests within a privileged context. This allows for th...
PT-2026-45187
A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...