CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...
CVE-2026-8597
CVE-2026-8597 : Missing integrity verification in the Triton inference handler of the Amazon SageMaker Python SDK (v2 before 2.257.2; v3 before 3.8.0) may allow a remote authenticated actor with S3 write access to replace model artifacts in S3 with a crafted pickle payload, enabling code executio...
Insecure Default Initialization of Resource
Overview: Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to DNS rebinding protection being disabled by default in HTTP-based servers using StreamableHTTPHandler or SSEHandler. An attacker can access internal resources or invoke tools exposed by...
Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk
The Go SDK recently transitioned to the segmentio/encoding library for JSON parsing in version 1.3.1. While this change addressed both case-insensitivity and ASCII folding issues, the new parser implemented aggressive key matching that treated keys with null Unicode characters appended at the end...
MiracleLinux 9 : dotnet9.0-9.0.107-1.el9_6.ML.1 (AXSA:2025-10581:16)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10581:16 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New...
CVE-2025-14761
Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...
EUVD-2021-1376
Malware in sbrugna...
EUVD-2023-1061
Malicious code in bioql PyPI...
EUVD-2022-25078
Malicious code in bioql PyPI...
sentry-android unmasked sensitive data in Android Session Replays for users of Jetpack Compose 1.8+
Impact: Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any sentry-android with versions = 1.8.0-alpha08 - This includes any alpha, beta, release candidate, or general...
CVE-2022-1799
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release...
Interchain Security: The signers of ICS messages do not need to match the provider address
Context: ICS has the following four messages that enable validators on the provider chain to perform different actions: - MsgOptIn -- adds a validator to the consumer chain’s active set - MsgOptOut -- removes a validator from the consumer chain’s active set - MsgAssignConsumerKey -- changes the...
GHSA-7Q74-G774-7X3G Interchain Security: The signers of ICS messages do not need to match the provider address
Context: ICS has the following four messages that enable validators on the provider chain to perform different actions: - MsgOptIn -- adds a validator to the consumer chain’s active set - MsgOptOut -- removes a validator from the consumer chain’s active set - MsgAssignConsumerKey -- changes the...
Design/Logic Flaw
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...
Solana Pay Vulnerable to Weakness in Transfer Validation Logic
Description: When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied validateTransfer function. An edge case regarding this mechanism could cause the validation logic to validate multiple...
GHSA-J47C-J42C-MWQQ Solana Pay Vulnerable to Weakness in Transfer Validation Logic
Description: When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied validateTransfer function. An edge case regarding this mechanism could cause the validation logic to validate multiple...
PT-2022-14122 · Google · Google Play Services Sdk Play-Services-Basement
Name of the Vulnerable Software and Affected Versions: Google Play services SDK play-services-basement versions prior to 2022-05-03 release. Description: The issue is related to incorrect signature trust within the Google Play services SDK play-services-basement. Specifically, a debug version of...
CVE-2022-23651
b2-sdk-python is a Python library to access cloud storage provided by Backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race...
Use of a Broken or Risky Cryptographic Algorithm
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Rational Business Developer (CVE-2015-2808)
Summary: The RC4 "Bar Mitzvah" Attack for SSL/TLS affects IBM Rational Business Developer. Vulnerability Details: CVE-ID: CVE-2015-2808. Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...