5 matches found
PT-2026-51068
Name of the Vulnerable Software and Affected Versions: Traefik versions 3.7.0-ea.1 through 3.7.4
Description: A fail-open authentication issue exists in the Kubernetes Ingress NGINX provider. When an Ingress explicitly enables BasicAuth or DigestAuth using the nginx.ingress.kubernetes.io/auth-type...
EUVD-2024-55000
Malicious code in bioql PyPI...
CVE-2024-52601 iTop portal Insecure Direct Object Reference vulnerability
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...
CVE-2024-52601
CVE-2024-52601 – iTop portal exposure is a read-access flaw in the web-based IT Service Management tool iTop. Prior to versions 2.7.12, 3.1.3, and 3.2.1, accounts with portal access could read objects they are not permitted to see by querying an unprotected route (Insecure Direct Object Reference...
CVE-2025-46816 goshs route not protected, allows command execution
goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone to execute commands on the server. The function dispatchReadPump does not check the option cli -c, thus allowing anyone to execute arbitra...