5 matches found
CVE-2026-28361 NocoDB: Missing Ownership Validation in MCP Token Operations
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This issue has been patched in...
EUVD-2024-3396
Malicious code in bioql PyPI...
CVE-2024-53859 go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace
go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...
IBM Security Verify Information Queue Information Disclosure Vulnerability
IBM Security Verify Information Queue is an integration product from IBM of America, Inc. It leverages Kafka technology and a publish/subscribe model to integrate data between IBM Security products. IBM Security Verify Information Queue version 10.0.2 is vulnerable to an information disclosure...
GHSA-CWHM-272P-3WJ9 Yii Framework Cross-Site Request Forgery (CSRF)
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity...