
71 matches found

Snyk
added 2026/05/20 9:45 p.m. | 11 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the POST /wikis/wikiName endpoint. An attacker can create or update documents in the target wiki by sending unauthenticated requests to the affected REST endpoint. Remediation: Upgrade...

CVSS 9.8 | AI score 5.8 | EPSS 0.00594
Exploits: 1 | References: 2
OSV
added 2026/03/02 6:48 p.m. | 5 views

MAL-2026-1139 Malicious code in fwk-amigapython-rest-server (PyPI)

Source: kam193 9694db9e75e6f3f31137edfba3f3a51ede2881961ee930ea4a4b02e1be086fc8. During import, only in specific environments, a module containing code disguised as telemetry is imported. This code then exfiltrates sensitive environment...

AI score 6.2
Exploits: 0 | References: 1
OSV
added 2026/01/12 9:30 a.m. | 3 views

GHSA-PGQP-8H46-6X4J MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

CVSS 8.1 | AI score 6.8 | EPSS 0.00193
Exploits: 1 | References: 5
Snyk
added 2026/01/12 9:17 a.m. | 2 views

Origin Validation Error

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Origin Validation Error in the REST server, accessible via the...

CVSS 8.6 | AI score 7 | EPSS 0.00193
Exploits: 1 | References: 2
OSV
added 2026/01/12 9:15 a.m. | 3 views

CVE-2025-14279

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

CVSS 8.1 | AI score 6.8
Exploits: 0 | References: 2
CVE
added 2026/01/12 8:15 a.m. | 35 views

CVE-2025-14279

The CVE details a DNS rebinding vulnerability in MLflow up to version 3.4.0 caused by lack of Origin header validation in the MLflow REST server. The issue allows an attacker to bypass Same-Origin Policy and issue unauthorized requests to REST endpoints, enabling querying, updating, and deleting ...

CVSS 8.1 | AI score 7.8 | EPSS 0.00193
Exploits: 1 | References: 2 | Affected Software: 1
Fedora
added 2025/12/03 1:40 a.m. | 13 views

[SECURITY] Fedora 41 Update: restic-0.18.1-1.fc41

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory; sftp server via SSH; HTTP REST server protocol, rest-server; Amazon S3 either from Amazon or using the Minio server; OpenStack Swift; BackBlaze B2; Microsoft Azure Blob Storage...

CVSS 7.5 | AI score 7 | EPSS 0.00586
Exploits: 1
Fedora
added 2025/12/03 1:12 a.m. | 10 views

[SECURITY] Fedora 42 Update: restic-0.18.1-1.fc42

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory; sftp server via SSH; HTTP REST server protocol, rest-server; Amazon S3 either from Amazon or using the Minio server; OpenStack Swift; BackBlaze B2; Microsoft Azure Blob Storage...

CVSS 7.5 | AI score 7 | EPSS 0.00586
Exploits: 1
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0977

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.02005
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-0402

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.03853
Exploits: 0 | References: 11
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-3555

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.5 | EPSS 0.01642
Exploits: 1 | References: 5
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 7 views

Malicious code in audaces-perps-rest-server (npm)

The package audaces-perps-rest-server was found to contain malicious code...

AI score 7
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 7 views

Malicious code in bartok-rest-server (npm)

The package bartok-rest-server was found to contain malicious code...

AI score 7
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. | 5 views

MAL-2025-15032 Malicious code in audaces-perps-rest-server (npm)

The package audaces-perps-rest-server was found to contain malicious code...

AI score 7.2
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. | 4 views

MAL-2025-15488 Malicious code in bartok-rest-server (npm)

The package bartok-rest-server was found to contain malicious code...

AI score 7.2
Exploits: 0
BDU FSTEC
added 2025/05/09 12:0 a.m. | 5 views

The vulnerability of the org.xwiki.platform:xwiki-platform-repository-rest-server component of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows attackers to gain unauthorized access to protected information.

The vulnerability of the “org.xwiki.platform:xwiki-platform-repository-rest-server” component of the XWiki Platform relates to the absence of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 5.3 | AI score 5.4 | EPSS 0.00948
Exploits: 1 | References: 6 | Affected Software: 1
IBM Security Bulletins
added 2025/04/29 2:9 a.m. | 28 views

Security Bulletin: A mitigation is being announced to address CVE-2021-29789

Summary: IBM products 8335-GTC, 8335-GTG, 8335-GTH, 8335-GTW, and 8335-GTX have identified a security vulnerability. BMC field mode is normally enabled but may not be enabled on systems which have had their BMC replaced. Vulnerability Details: CVEID: CVE-2021-29789. Description: IBM BMCs could have...

AI score 6.5
Exploits: 0 | Affected Software: 1
Snyk
added 2025/03/28 9:41 p.m. | 4 views

Missing Release of Memory after Effective Lifetime

Overview: org.infinispan:infinispan-server-rest is an Infinispan Rest Server. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the REST compare API. A user can trigger an OutOfMemoryError by sending many requests with large 1 MiB POST data ...

CVSS 7.1 | AI score 6.9 | EPSS 0.00324
Exploits: 0 | References: 2
BDU FSTEC
added 2025/03/26 12:0 a.m. | 3 views

The vulnerability of the org.xwiki.platform:xwiki-platform-rest-server component of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows an attacker to gain unauthorized access to protected information.

The vulnerability of the org.xwiki.platform:xwiki-platform-rest-server component of the XWiki Platform framework involves data leakage. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

CVSS 7.8 | AI score 5.4 | EPSS 0.00906
Exploits: 1 | References: 6 | Affected Software: 1
Github Security Blog
added 2023/12/30 12:30 a.m. | 14 views

Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions...

CVSS 6.5 | AI score 6.2 | EPSS 0.0064
Exploits: 0 | References: 8 | Affected Software: 1