
25 matches found

RedhatCVE
added 3 days ago | 6 views

CVE-2026-4137

In mlflow/mlflow versions prior to 3.11.0, the get_or_create_nfs_tmp_dir function in mlflow/utils/file_utils.py creates temporary directories with world-writable permissions 0o777, and the _create_model_downloading_tmp_dir function in mlflow/pyfunc/__init__.py creates directories with group-writable permissions...

CVSS 7.8 | AI score 7.7 | EPSS 0.00005
Exploits: 1 | References: 1

RedhatCVE
added 2026/05/12 2:27 a.m. | 6 views

CVE-2026-40038

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

CVSS 7.2 | AI score 6 | EPSS 0.00037
Exploits: 1 | References: 1

CVE
added 2026/04/21 10:4 a.m. | 6 views

CVE-2026-6553

TYPO3 CMS 14.2.0 is affected by CVE-2026-6553 where changing backend users’ passwords via the user settings module stores the cleartext password in the be_users.uc and be_users.user_settings fields. The root cause is plaintext password storage in these fields, leading to exposure of credentials. ...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/03/19 3:48 p.m. | 2 views

CVE-2026-32867

OPEXUS eComplaint before version 10.1.0.0 allows an unauthenticated attacker to obtain or guess an existing case number and upload arbitrary files via 'Portal/EEOC/DocumentUploadPub.aspx'. Users would see these unexpected files in cases. Uploading a large number of files could consume storage...

CVSS 5.4 | AI score 5.9 | EPSS 0.00091
Exploits: 0 | References: 3

Snyk
added 2026/03/09 7:52 p.m. | 3 views

Use of GET Request Method With Sensitive Query Strings

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the process that appends authentication material to the browser URL query string and persists it in browser localStorage. An...

CVSS 8.4 | AI score 5.8
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 9:6 a.m. | 7 views

CVE-2024-34600

Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage...

CVSS 4.4 | AI score 6.7 | EPSS 0.00099
Exploits: 0 | References: 1

OSV
added 2025/10/27 4:20 p.m. | 3 views

GHSA-HQ76-6GH2-5G4Q Constellation has insecure LUKS2 persistent storage partitions which may be opened and used

Summary: A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...

CVSS 8.3 | AI score 6.6 | EPSS 0.00005
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2002-1432

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00751
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-22104

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00215
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-2874

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.03855
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-6255

Malware in sbrugna...

CVSS 8.1 | AI score 8.1 | EPSS 0.00935
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-6003

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00327
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-30224

Malware in sbrugna...

CVSS 7.1 | AI score 6 | EPSS 0.00051
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-14130

Malware in sbrugna...

CVSS 10 | AI score 9.2 | EPSS 0.0032
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-3114

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.03089
Exploits: 3 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-19910

Malicious code in bioql PyPI...

CVSS 4 | AI score 6.5 | EPSS 0.00017
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/27 6:31 p.m. | 11 views

CVE-2025-5154

A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...

CVSS 4.6 | AI score 6.9 | EPSS 0.00052
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:7 a.m. | 6 views

CVE-2019-14252

An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates\ folder even if remove...

CVSS 7.2 | AI score 6.8 | EPSS 0.00995
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/21 9:10 p.m. | 2 views

CVE-2005-2866

Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in the MercoraClient\Profiles registry key, which allows local users to gain privileges...

CVSS 4.6 | AI score 6.9 | EPSS 0.00129
Exploits: 1 | References: 1

OSV
added 2025/05/02 6:18 a.m. | 4 views

BIT-MOODLE-2024-43428 Moodle: cache poisoning via injection into storage

To address a cache poisoning risk in Moodle, additional validation for local storage was required...

CVSS 7.7 | AI score 7.5 | EPSS 0.00058
Exploits: 0 | References: 3