BIT-MLFLOW-2026-2611 Improper Origin Validation in mlflow/mlflow

In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...

CVE-2026-45053

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint POST /api/v1/files of CubeCart. The endpoint allows any holder of an API key with files:rw permission to upload PHP source files into the...

CVE-2026-44714

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

EUVD-2026-26283

Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service device crash by sending a crafted Router Advertisement with a truncated PREFIXINFORMATION option that is smalle...

CVE-2026-33207

DataEase (open-source data visualization/analytics) contains a SQL injection in versions ≤ 2.10.20 at the /datasource/getTableField endpoint. The getTableFiledSql method concatenates the tableName into SQL via String.format without parameterization, and validation in DatasourceServer.py can be by...

PT-2026-31321

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.4.0 Description CI4MS, a CodeIgniter 4-based CMS, is susceptible to arbitrary configuration injection via the .env file. The Install::index controller does not validate the host POST parameter before passing it to...

CVE-2026-33750

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

CVE-2025-53598

CVE-2025-53598 describes a NULL pointer dereference affecting Qsync Central. A remote attacker who has a user account can trigger a DoS condition. Affected software: Qsync Central prior to 5.0.0.4. The vendor fixed the vulnerability in Qsync Central 5.0.0.4 and later (released 2026-01-20). The av...

CVE-2025-66310 Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This...

CVE-2025-54153

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 2025/07/31...

CVE-2025-29901

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Station 5...