CVE-2026-44477

A flaw was found in CloudNativePG's metrics exporter. The issue arises because the metrics exporter connected to PostgreSQL using a highly privileged account and did not properly restrict privileges during monitoring operations. A low-privileged database user could exploit this behavior through...

CVE-2026-40326

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in csettings.cfc does not properly validate anti-CSRF tokens for site bundle creation requests. An attacker can craft a malicious webpage or link that, when visited by a logged-in...

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through improper validation of the influenceId path parameter in the DELETE endpoint. An attacker can remove arbitrary Traffic Influence Subscriptions by sending a crafted request with an invalid influenceId value...

CVE-2026-31891

Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment where the /api/content/aggregate/model endpoint is...

CVE-2026-21877

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version...

EUVD-2020-29773

Malware in sbrugna...

EUVD-2005-2799

Malware in sbrugna...

EUVD-2021-12326

Malware in sbrugna...

CVE-2025-61778 Akka.Remote TLS did not properly implement certificate-based authentication

Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our akka.remote.dot-netty.tcp transport and this would correctly enforce private key validation on the server-side of inbound connections...

EUVD-2021-28842

Malicious code in bioql PyPI...

EUVD-2022-48910

Malicious code in bioql PyPI...

GHSA-XCH9-H8QW-85C7 Canonical LXD Project Existence Determination Through Error Handling in Image Get Function

Impact The LXD /1.0/images endpoint is implemented as an AllowUntrusted API that requires no authentication, making it accessible to users without accounts. This API allows determining project existence through differences in HTTP status codes when accessed with the project parameter...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the extraction process of zip archives. An attacker can write files to arbitrary locations on the file system by crafting a zip archive with directory traversal sequences in file paths. Note: This is only...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVE-2022-31139

UnsafeAccessor UA is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. Normally, if UA is loaded as a named module, the internal data of UA is protected by JVM and others can only access UA via UA's standard API. The main application can set up SecurityCheck.AccessLimiter for UA to...

kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application

Hardware logic with insecure de-synchronization in IntelR DSA and IntelR IAA for some IntelR 4th or 5th generation XeonR processors may allow an authorized user to potentially enable escalation of privilege local access...

kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application

Hardware logic with insecure de-synchronization in IntelR DSA and IntelR IAA for some IntelR 4th or 5th generation XeonR processors may allow an authorized user to potentially enable escalation of privilege local access...

PYSEC-2024-177

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/customcomponent" endpoint and provide a Python script...

OMRON NJ/NX series vulnerable to path traversal

Overview Machine Automation Controller NJ/NX series provided by OMRON Corporation contain a path traversal vulnerability CWE-22, CVE-2024-27121. OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary file in the affected product...

CVE-2023-34103 Stored XSS (Cross Site Scripting) in html content based fields of avo

Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting XSS when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are...