1230 matches found
CVE-2025-54941 Apache Airflow: Command injection in "example_dag_decorator"
An example DAG, `example_dag_decorator`, had a non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on the worker. This, however, required that the example DAGs be enabled in production (not the default) or that the example DAG code be copied to build your own...
EUVD-2025-36993
An example DAG, `example_dag_decorator`, had a non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on the worker. This, however, required that the example DAGs be enabled in production (not the default) or that the example DAG code be copied to build your own...
Bridging the Remediation Gap: Introducing Pentera Resolve
From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels...
arkadiyt-projects: DNS Rebinding Attack
Hi, there is a DNS rebinding vulnerability in your SSRF filter. You validate the hostname's IP address, but then pass the hostname to Net::HTTP.start, which does its own DNS lookup. An attacker can control a DNS server that returns a safe public IP during validation, then returns 127.0.0...
Authentication Bypass by Spoofing
Overview: social-auth-app-django is the Django integration of Python Social Auth. Affected versions of this package are vulnerable to Authentication Bypass by Spoofing. An attacker can gain unauthorized access to user accounts by exploiting improper association by email when a third-party...
Ensuring Safe and Reliable Updates with Qualys TruRisk™ Manifest Version Control
The Fragility of “One Bad Update” In cybersecurity, speed is non-negotiable. New vulnerabilities surface daily, and enterprises expect coverage the moment exploits are in the wild. For years, the mantra was simple: push signatures fast, and you reduce risk. Faster updates meant faster protection...
EUVD-2014-4491
Malware in sbrugna...
EUVD-2018-20538
Malware in sbrugna...
EUVD-2016-9224
Malware in sbrugna...
EUVD-2021-2562
Malware in sbrugna...
EUVD-2025-26495
Malicious code in bioql PyPI...
CVE-2025-10458
Parameters are not validated or sanitized, and are later used in various internal operations...
CVE-2025-8067
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-Bus system. This is achieved via the loop device handler, which handles requests sent through the D-Bus interface. As two of its parameters, this handler receives the file descriptor...
Ivanti Avalanche getCountMuStatDevicePropResultsFromMuListAgentIds SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the getCountMuStatDevicePropResultsFromMuListAgentIds function. The issue results from the...
Access Control Bypass
Overview: browser-use is a package that makes websites accessible for AI agents. Affected versions of this package are vulnerable to Access Control Bypass via the `search_google` and `go_to_url` functions, which fail to enforce domain restrictions by using direct `page.goto` calls instead of the validated...
Exploit for Code Injection in Moodle
CVE-2024-43425-Poc. CVE Overview. CVE ID: CVE-2024-43425. Descr...
Salt's file contents overwrite the VirtKey class
File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses unvalidated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...
GHSA-7F3F-X5F5-79GW Salt's file contents overwrite the VirtKey class
File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses unvalidated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...
CVE-2025-22241: salt advisory
File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses unvalidated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...