CVE-2026-27952
Agenta’s API server prior to v0.48.1 used RestrictedPython to sandbox user-supplied evaluator code, but incorrectly whitelisted numpy. An authenticated user could escape the sandbox via numpy.ma.core.inspect (exposing sys.modules) and achieve arbitrary code execution on the API server. The issue ...
EUVD-2023-56397
Malicious code in bioql PyPI...
Audiobookshelf Security Vulnerability
Audiobookshelf is a self-hosted audiobook and podcast server from Audiobookshelf Open Source. A security vulnerability exists in Audiobookshelf versions 2.6.0 through 2.26.3, caused by an unrestricted redirect callback URL in the OIDC authentication, which could lead to account takeover...
CVE-2023-36474 Interactsh server settings make users vulnerable to Subdomain Takeover
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with the Interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e. app. The Interactsh server used to create CNAME entries for app pointing to...
CVE-2025-25205 Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...
CVE-2023-47619 Audiobookshelf Server-Side Request Forgery and Arbitrary File Read Vulnerability
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of...
Audiobookshelf Path Traversal Vulnerability
Audiobookshelf is a self-hosted audiobook and podcast server from Audiobookshelf Open Source. A path traversal vulnerability exists in Audiobookshelf 2.4.3 and earlier versions, which allows any user to read files from the local file system,...