CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...

EUVD-2023-55486

Malicious code in bioql PyPI...

CVE-2023-50713

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Toke...

CVE-2023-50713

CVE-2023-50713 – Speckle Server Token Privilege Escalation : Affects Speckle Server versions prior to 2.17.6. When creating a new token (via app with token write scope or frontend-2), the requesting token must authorize the new token, but the service did not verify that the new token’s privileges...

CVE-2023-50713 Speckle Server API Token Privilege Escalation

Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who: authorized an application which requested a 'token write' scope or, using frontend-2, created a Personal Access Toke...