CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

PT-2026-44998

Name of the Vulnerable Software and Affected Versions ExtremeCloud IQ affected versions not specified Description A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path can intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued AP...

CVE-2026-5936 Server-Side Request Forgery (SSRF) via URL Parameter in Foxit PDF Services API

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints e.g., cloud metadata services, or bypass...

GHSA-2CPP-J2FC-QHP7 AWS API MCP File Access Restriction Bypass

Description The AWS API MCP Server is an open source Model Context Protocol MCP server that enables AI assistants to interact with AWS services and resources through AWS CLI commands. It provides programmatic access to manage your AWS infrastructure while maintaining proper security controls. Thi...

CVE-2026-3497

OpenSSH CVE-2026-3497 concerns a flaw in the GSSAPI Key Exchange patch applied by several Linux distributions, not in the upstream OpenSSH project. The bug occurs when sshpkt_disconnect() is used on an error and does not terminate the process, allowing an attacker to send an unexpected GSSAPI mes...

CLEANSTART-2026-ZM51114 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

PT-2025-43623

Name of the Vulnerable Software and Affected Versions Dell Storage Manager versions 20.1.21 Description An improper authentication issue exists in Dell Storage Manager that could allow an unauthenticated remote attacker to bypass protection mechanisms. Specifically, an attacker can access APIs...

EUVD-2020-21383

Malware in sbrugna...

EUVD-2007-4649

Malware in sbrugna...

EUVD-2016-2855

Malware in sbrugna...

EUVD-2007-4651

Malware in sbrugna...

EUVD-2021-33237

Malicious code in bioql PyPI...

EUVD-2022-26164

Malicious code in bioql PyPI...

EUVD-2022-27821

Malicious code in bioql PyPI...

EUVD-2022-52711

Malicious code in bioql PyPI...

krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...

WSO2 API Manager 代码问题漏洞

WSO2 API Manager is a suite of API lifecycle management solutions from US-based WSO2. A security vulnerability exists in WSO2 API Manager that stems from improper validation of user input in the SOAP management service, which could lead to arbitrary file uploads...

CVE-2022-22676

An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission...

CVE-2020-29001

An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a...