
28 matches found

CVE
added 2026/04/14 12:8 a.m. · 4 views

CVE-2026-34261

CVE-2026-34261 affects SAP Business Analytics and SAP Content Management. Root cause: missing authorization check enables an authenticated user to call certain remote function modules beyond their permissions. Impact: confidentiality is affected; no noted impact to integrity or availability. Expl...

CVSS 6.5 · AI score 5.8 · EPSS 0.0003
Exploits: 0 · References: 2

Positive Technologies
added 2026/04/14 12:0 a.m. · 2 views

PT-2026-32568

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

CVSS 6.5 · AI score 5.8 · EPSS 0.0003
Exploits: 0 · References: 3

ATTACKERKB
added 2026/03/21 1:24 a.m. · 4 views

CVE-2026-4302

The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.29. This is due to the plugin exposing a publicly accessible REST API endpoint `optn/v1/integration-action` with a `permission_callback` of `__return_true` that...

CVSS 7.2 · AI score 5.9 · EPSS 0.00097
Exploits: 0 · References: 11

Cvelist
added 2026/03/20 9:35 p.m. · 17 views

CVE-2026-32887 Effect Bug: `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC

Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime inside a Next.js App Router route handler, any Node.js AsyncLocalStorage-dependent...

CVSS 7.4 · EPSS 0.00015
Exploits: 1 · References: 1

EUVD
added 2026/03/05 9:59 p.m. · 4 views

EUVD-2026-9896

OpenClaw versions prior to 2026.2.1 with the voice-call extension installed and enabled contain an authentication bypass vulnerability in inbound allowlist policy validation that accepts empty caller IDs and uses suffix-based matching instead of strict equality. Remote attackers can bypass inboun...

CVSS 9.8 · AI score 6 · EPSS 0.01033
Exploits: 1 · References: 3

EUVD
added 2026/03/04 12:30 a.m. · 0 views

EUVD-2026-9348

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2...

CVSS 8.3 · AI score 5.9 · EPSS 0.00219
Exploits: 0 · References: 2

Cvelist
added 2025/12/11 11:5 p.m. · 17 views

CVE-2025-67780

SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., on Mini1prod2) allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation,...

CVSS 4.2 · EPSS 0.00018
Exploits: 1 · References: 1

Spring Engineering
added 2025/12/09 12:0 a.m. · 5 views

This Week in Spring - December 9th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I am in lovely New Jersey, the Garden State, as I write this and I spent most of the last week in New Orleans. It's been a busy week in the Spring community and beyond and so you know what that means? There's a ton of stuff ...

AI score 6.8
Exploits: 0

CVE
added 2025/11/11 12:14 a.m. · 4 views

CVE-2025-42885

CVE-2025-42885 concerns SAP HANA 2.0 (hdbrss), where missing authentication lets an unauthenticated attacker call a remote-enabled function to view information. This is a network-based issue with low confidentiality impact and no impact on integrity or availability, and has a CVSS3.1 base score o...

CVSS 5.8 · AI score 6.4 · EPSS 0.0008
Exploits: 0 · References: 2

Vulnrichment
added 2025/11/11 12:14 a.m. · 1 views

CVE-2025-42885 Missing authentication in SAP HANA 2.0 (hdbrss)

Due to missing authentication, SAP HANA 2.0 hdbrss allows an unauthenticated attacker to call a remote-enabled function that will enable them to view information. As a result, it has a low impact on the confidentiality but no impact on the integrity and availability of the system...

CVSS 5.8 · AI score 6.4 · EPSS 0.0008
Exploits: 0 · References: 2

Snyk
added 2025/10/29 9:44 a.m. · 4 views

Deserialization of Untrusted Data

Overview: keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the .keras archives when they are initialized with a path to a vocabulary file. The model deserialization process when loading the...

CVSS 6.8 · AI score 6.9 · EPSS 0.00083
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2007-3425

Malware in sbrugna...

CVSS 6.4 · AI score 6.3 · EPSS 0.00757
Exploits: 0 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-11587

Malware in sbrugna...

CVSS 7.5 · AI score 8.7 · EPSS 0.00531
Exploits: 0 · References: 6

Snyk
added 2025/09/17 8:43 p.m. · 1 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...

CVSS 10 · AI score 7.4 · EPSS 0.01837
Exploits: 0 · References: 2

Packet Storm News
added 2025/06/06 12:0 a.m. · 2 views

Depermissioning Web3: a Permissionless Accountable RPC Protocol for Blockchain Networks

In blockchain networks, so-called "full nodes" serve data to and relay transactions from clients through an RPC interface. This serving layer enables integration of "Web3" data, stored on blockchains, with "Web2" mobile or web applications that cannot directly participate as peers in a blockchain...

AI score 6.8
Exploits: 0

Positive Technologies
added 2024/12/03 12:0 a.m. · 2 views

PT-2024-29953 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication (affected versions not specified). Description: A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating...

CVSS 8.8 · AI score 8.6 · EPSS 0.00106
Exploits: 0 · References: 7

SUSE CVE
added 2023/02/15 3:51 a.m. · 1 views

SUSE CVE-2020-29362

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS11 function call, the receiving...

CVSS 5.3 · AI score 7.5 · EPSS 0.00083
Exploits: 0 · References: 29

CNVD
added 2022/08/06 12:0 a.m. · 13 views

Xiaomi SmartHome APP Information Disclosure Vulnerability

Xiaomi SmartHome APP is an app from Chinese company Xiaomi to manage Xiaomi smart home products. Xiaomi SmartHome APP suffers from an information leakage vulnerability, which originates from remote calls to some interfaces and can be exploited by attackers to obtain sensitive information...

CVSS 7.5 · AI score 6.5 · EPSS 0.00322
Exploits: 0 · References: 1

CNNVD
added 2022/07/22 12:0 a.m. · 2 views

Xiaomi SmartHome APP Information Disclosure Vulnerability

Xiaomi SmartHome APP is an app from Chinese company Xiaomi to manage Xiaomi smart home products. Xiaomi SmartHome APP suffers from an information leakage vulnerability, which originates from remote calls to some interfaces and can be exploited by attackers to obtain sensitive information...

CVSS 7.5 · AI score 5.6 · EPSS 0.00322
Exploits: 0 · References: 2

PyPA
added 2022/06/02 2:15 p.m. · 4 views

PYSEC-2022-42973

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...

CVSS 8.6 · AI score 7.2 · EPSS 0.00226
Exploits: 1 · References: 4 · Affected Software: 1