35222 matches found
PT-2026-53948
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Users with access to Redis can execute arbitrary code with full application privileges. This allows for the compromise of all secrets, data, and system integrity. Recommendations At th...
PT-2026-53968
Name of the Vulnerable Software and Affected Versions IBM UrbanCode Deploy versions 7.3 through 7.3.2.18 IBM DevOps Deploy versions 8.0 through 8.0.1.13 IBM DevOps Deploy versions 8.1 through 8.1.2.6 IBM DevOps Deploy versions 8.2 through 8.2.1.0 Description Authenticated users may be able to...
MAL-2026-6691 Malicious code in polymarket-clob-maths (npm)
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession function that runs a...
CVE-2026-56783 Parseable < 2.9.2 - Cleartext Credential Exposure in Notification Target API
Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...
PYSEC-2026-373 LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
Summary A serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...
Linux Distros Unpatched Vulnerability : CVE-2026-11625
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the...
EUVD-2026-39498
pnpm: Repository config can expand victim environment secrets into registry requests before scripts run...
CVE-2026-55069
Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...
CVE-2026-49984
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local internal-storage backend validates user-supplied paths for .. traversal before it converts Windows-style backslashes to forward slashes. An attacker can therefore smuggle a traversal sequence past...
CVE-2026-55069 Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack
Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...
CVE-2026-55069
Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: zitadel, guac, terraform-provider-aws-fips, splunk-otel-collector, crossplane-provider-azure-alertsmanagement, src, teleport, opentelemetry-collector, vault-fips, crossplane-provider-aws-opensearchserverless-fips, chainloop-cli, kyverno-fips,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: zitadel, guac, terraform-provider-aws-fips, splunk-otel-collector, crossplane-provider-azure-alertsmanagement, src, teleport, opentelemetry-collector, vault-fips, crossplane-provider-aws-opensearchserverless-fips, chainloop-cli, kyverno-fips,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: kubescape-server, mattermost-fips, zitadel, kine, prometheus-elasticsearch-exporter, gitea, kyverno, opentelemetry-collector, drone-fips, nemo, gitea-fips, kyverno-fips, cilium-cli, trivy, external-secrets-operator-fips, cloud-provider-aws, chisel-fips, kuma,...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: guac, helm, sealed-secrets, crossplane-provider-azure-managedidentity, kubernetes, docker-machine-driver-linode, rancher-agent, gptscript, knative-serving, nuclei, crossplane-provider-aws-elasticache, pulumi-language-dotnet, k3s, hcloud, external-secrets-operator,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: guac, helm, crossplane-provider-azure-managedidentity, kubernetes, rancher-agent, gptscript, knative-serving, nuclei, pulumi-language-dotnet, k3s, hcloud, external-secrets-operator, kyverno, argo-cd, scorecard, tflint, cosign, terragrunt, crossplane-provider-azure-sq...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: guac, helm, kubernetes, rancher-agent, gptscript, knative-serving, nuclei, pulumi-language-dotnet, k3s, kyverno, external-secrets-operator, scorecard, argo-cd, terragrunt, gitlab-kas, zarf, spire-server, witness, cloud-provider-aws, pulumi-language-yaml, wolfictl,...
CVE-2026-11702
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess...
CVE-2026-11625
Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...
CVE-2026-11702 Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes
Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess...