5 matches found
CVE-2026-27574 OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE
OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, the custom JavaScript monitor feature uses Node.js's node:vm module, which is explicitly documented as not a security mechanism, to execute user-supplied code, allowing trivial sandbox escape via a well-known...
EUVD-2024-54978
Malicious code in bioql PyPI...
CVE-2023-33833
IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013...
PT-2023-18551 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.5
Description: The issue allows unauthorized access to inventory files. If anonymous access to FAQ is allowed, inventory files become accessible by unauthenticated users.
Recommendations: For GLPI versions...
PT-2023-9268 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.5
Description: The issue is related to Cross-site Scripting, where an administrator can store malicious code in help links. This can be exploited by a remote attacker to save arbitrary code in the help links...