Security Bulletin: NVIDIA Isaac Launchable - May 2026

NVIDIA has released a software update for NVIDIA® Isaac Launchable. To protect your system, download and install the latest version of Isaac Launchable. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security update addresses and thei...

PT-2026-42667

Name of the Vulnerable Software and Affected Versions Crawlee versions 1.0.0 through 1.6.9 Description Crawlee is subject to a blind Server-Side Request Forgery SSRF when processing sitemap-derived URLs or robots.txt directives. The issue occurs when an attacker-controlled sitemap or robots.txt...

Directus 安全漏洞

Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.17.0 contained a security vulnerability. This vulnerability stemmed from inconsistent calls to the prepareDelta cleanup pipeline in...

CVE-2026-20138

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the integrationKey, secretKey, and appSecretKey secrets, generated by Duo Two-Factor...

CVE-2020-37093

Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcoreget.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in...

EUVD-2018-12347

Malware in sbrugna...

EUVD-2017-14749

Malware in sbrugna...

EUVD-2012-0086

Malware in sbrugna...

EUVD-2023-48575

Malicious code in bioql PyPI...

EUVD-2022-4884

Malicious code in bioql PyPI...

EUVD-2021-9352

Malicious code in bioql PyPI...

EUVD-2022-2588

Malicious code in bioql PyPI...

EUVD-2022-32045

Malicious code in bioql PyPI...

CVE-2025-7738 Python3.11-django-ansible-base: sensitive authenticator secrets returned in clear text via api in aap

A flaw was found in Ansible Automation Platform AAP where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users...

CVE-2025-7738 Python3.11-django-ansible-base: sensitive authenticator secrets returned in clear text via api in aap

A flaw was found in Ansible Automation Platform AAP where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users...

CVE-2025-48493

The vulnerability CVE-2025-48493 affects the Yii 2 Redis extension (yii2-redis) used with Yii Framework 2.0. Prior to version 2.0.20, AUTH credentials are logged in plain text when a connection fails, exposing usernames and passwords to anyone with access to the logs. The issue is mitigated by up...

CVE-2025-48493 Yii 2 Redis may expose AUTH paramters in logs in case of connection failure

The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if...

CVE-2022-34801

Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...

CVE-2020-17511

In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Important) (RHSA-2025:3636)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:3636 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...