PT-2026-1734

Name of the Vulnerable Software and Affected Versions MLFlow versions up to and including 3.4.0 Description MLFlow versions up to and including 3.4.0 are susceptible to DNS rebinding attacks because of missing Origin header validation within the MLFlow REST server. This allows malicious websites ...

CVE-2025-62228

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC version to 3.5.0 which address this issue...

CVE-2025-62228

CVE-2025-62228 affects Apache Flink CDC: version 3.4.0 is vulnerable to SQL injection via maliciously crafted identifiers (e.g., database or table names). The issue can be triggered by a logged-in database user, with remediation to upgrade to 3.5.0 (or apply fixes per advisories). Connected docum...

PT-2025-1013 · Openvpn · Openvpn Connect

Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions prior to 3.5.0 Description: The issue is related to the logging of clear-text private keys in the application log, which can be used by an unauthorized actor to decrypt VPN traffic. This could allow attackers to acces...