7916 matches found
PT-2026-5099
Name of the Vulnerable Software and Affected Versions Sync Breeze Enterprise Server versions 10.4.18 Disk Pulse Enterprise versions 10.4.18 Description A cross-site request forgery CSRF issue exists in the software. An authenticated user can potentially cause another user to perform unintended...
Malicious code in solhint-plugin-hyperlane (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5f1d66ba0771661e6786da7d4953af3fc1ff1e280d1c666abd1e69e481274747 Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...
AnythingLLM security vulnerabilities
AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.10.0 contained a security vulnerability. This vulnerability stemmed from the /api/setup-complete endpoint exposing the QdrantApiKey in plain text, which could allow attackers to gain read/write...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005005)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005005 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hns3: do not allow call hns3nicnetopen repeatedly hns3nicnetopen is not allowed to called...
CVE-2026-24477
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
CVE-2026-24477 AnythingLLM has key leak in `systemSettings.js`
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
BentoML has a Path Traversal via Bentofile Configuration
Summary BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate, conda.environmentyml. An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...
Directory Traversal
Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Directory Traversal via the processing of user-supplied file paths in configuration fields description, docker.setupscript, docker.dockerfiletemplate, and conda.environmentyml...
GHSA-6R62-W2Q3-48HF BentoML has a Path Traversal via Bentofile Configuration
Summary BentoML's bentofile.yaml configuration allows path traversal attacks through multiple file path fields description, docker.setupscript, docker.dockerfiletemplate, conda.environmentyml. An attacker can craft a malicious bentofile that, when built by a victim, exfiltrates arbitrary files fr...
Malicious code in radishwxm5 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4cbabb01d98bcad5705b98f5aac22b9d8f53e8c97e2fe5ab8bca66661e6c0644 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-510 Malicious code in radishwxm5 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4cbabb01d98bcad5705b98f5aac22b9d8f53e8c97e2fe5ab8bca66661e6c0644 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2026-24421
phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated but does not verify that the requester has...
PT-2026-4834
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
MAL-2026-505 Malicious code in flask-hookserver (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4d5afd1538994efa55632d3ed6d7c9fa419fb26c542b641a3efbd7b35501ea58 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in test-poc-package-for-session (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9f768feb5a11add4d0ac64d8f24777461d3586e719a57d4432711ee6aae4f112 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MAL-2026-502 Malicious code in test-poc-package-for-session (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 9f768feb5a11add4d0ac64d8f24777461d3586e719a57d4432711ee6aae4f112 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in test-poc-package-for-session-2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0b7003b7bd9585bbb25ce1f957ffef83603883d550f07f77443780a7d47a7f20 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
MAL-2026-503 Malicious code in test-poc-package-for-session-2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0b7003b7bd9585bbb25ce1f957ffef83603883d550f07f77443780a7d47a7f20 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...