Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

CVE-2026-45046

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

CVE-2026-45046

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

CVE-2026-45046 Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

CVE-2026-45046 Gryph Agents Payload Filter Fails to Strip Tool Payload for Sensitive Content

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

EUVD-2026-30774

Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...

Rack::Static prefix matching can expose unintended files under the static root

Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...

CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

CVE-2025-69218

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the topuploads admin report which should be restricted to admins only. This report displays direct URLs to all uploaded files on the site, including sensitive...

Discourse security vulnerabilities

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Vulnerabilities exist in versions of Discourse prior to 3.5.4, as well as versions before 2025.11.2, 2025.12.1, and 2026.1.0...

CVE-2026-24437 Tenda W30E V2 Missing Cache Controls for Credential-bearing Pages

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...

EUVD-2026-3209

HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure...

CVE-2025-52659

CVE-2025-52659 affects HCL AION version 2, a AI lifecycle management platform. The vulnerability is a Cacheable HTTP Response issue that can cause unintended storage of sensitive or dynamic content, potentially enabling unauthorized access or information disclosure. The CVSS v3.1 base score is 7....

EUVD-2009-3549

Malware in sbrugna...

EUVD-2014-2556

Malware in sbrugna...

EUVD-2017-0089

Malware in sbrugna...

EUVD-2025-21448

Malicious code in bioql PyPI...

EUVD-2022-4688

Malicious code in bioql PyPI...

EUVD-2022-35164

Malicious code in bioql PyPI...