26 matches found
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...
CVE-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...
CVE-2026-40191
Summary: CVE-2026-40191 affects ClearanceKit on macOS, where the Endpoint Security event handler prior to 5.0.4-beta-1f46165 only validated the source path of dual-path file operations against FAA rules and App Jail policies, ignoring the destination path. As a result, a local process could bypas...
CVE-2026-40191 ClearanceKit has a policy bypass via dual-path Endpoint Security events checking only source path
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...
ClearanceKit security vulnerability
ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.4-beta-1f46165 contained security vulnerabilities. These vulnerabilities stemmed from the Endpoint Security event handler only checking the source path for dual-path...
Vanna security vulnerability
Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of vanna 2.0.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an injection vulnerability in the exec function located in the src/vanna/legacy directory, which could allow remote execution...
EUVD-2026-8629
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard src/main/java/org/cardboardpowered/impl/world modules. This vulnerability is associated with program files WorldImpl.Java. This issue affects cardboard: before 1.21.4...
EUVD-2015-6264
Malware in sbrugna...
CVE-2025-9434
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-26 04:51:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxbpqv6aet24... |
CVE-2025-8774
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-10 01:11:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvz3yvbial2e... |
PT-2025-32416 · Scada-Lts · Scada-Lts
Name of the Vulnerable Software and Affected Versions: Scada-LTS versions prior to 2.7.8.2 Description: A cross-site scripting issue exists in Scada-LTS Virtual Data Source Property Handler. The manipulation of the Name argument in the /data source edit.shtm file can lead to exploitation. The...
PT-2024-34397 · Unknown · Smart Agent
Name of the Vulnerable Software and Affected Versions: Smart Agent version 1.1.0 Description: A Server-Side Request Forgery (SSRF) issue allows a remote attacker to obtain sensitive information via a crafted script sent to the "/FB/getFbVideoSource.php" component. This enables the attacker to access...
CVE-2023-49088
Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in...
CVE-2023-39515
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site Scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. This data will be viewed by administrative Cacti accounts an...
CVE-2023-39515 Stored Cross-site Scripting on data_debug.php datasource path view in Cacti
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site Scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. This data will be viewed by administrative Cacti accounts an...
CVE-2022-34662
| creationtimestamp | type | source |
|---|---|---|
| 2022-11-01 19:13:52+00:00 | seen | https://t.me/cibsecurity/52392 |
| 2025-05-06 04:20:30+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15055 |
| 2025-08-22 21:02:31+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lwze4vjpl42z... |
CVE-2022-35004
JPEGDEC commit be4843c was discovered to contain an FPE via TIFFSHORT at /src/jpeg.inl...
PT-2022-16266 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.10.6 and Joomla! versions 4.0.0 through 4.1.0 Description: An issue was discovered where uploading a file with an excessively long name causes an error. This error results in the display of the web application's...