CVE-2026-46416

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

CVE-2025-3717

Grafana is an open-source platform for monitoring and observability. The Grafana-Snowflake-Datasource is a plugin allowing Grafana to visualize data from Snowflake Versions between 1.5.0 and 1.14.0 are vulnerable to a bug when Oauth passthrough is enabled, and multiple users are using the same...

Malicious code in ac-shared-instance (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25b7af9d106463b8924808d5fee450cebfb97597573f764e76939e297a483174 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the shared instance used in field injection without a CDI scope. An attacker can manipulate request data, impersonate users, or access sensitive information by exploiting the leakage of...