Argo Workflows affected by stored XSS in the artifact directory listing

argoproj argo-workflows argoproj argo-workflows

Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment

fleetdm fleet fleetdm fleet +3个

Fleet has an Access Control vulnerability in debug/pprof endpoints

fleetdm fleet fleetdm fleet +3个

CVAT vulnerable to privilege escalation of users with staff status

cvat-ai cvat

CVAT vulnerable to XSS via skeleton SVG images

cvat-ai cvat

Saleor vulnerable to stored XSS via Unrestricted File Upload

saleor saleor saleor saleor +1个

Saleor lacks proper HTML sanitization in rich text fields

saleor saleor saleor saleor +1个

External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function

external-secrets external-secrets

Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability

fleetdm fleet fleetdm fleet +2个

vLLM affected by RCE via auto_map dynamic module loading during model initialization

vllm-project vllm

5ire vulnerable to Remote Code Execution (RCE) via ECharts

nanbingxyz 5ire

5ire vulnerable to Remote Code Execution (RCE)

nanbingxyz 5ire

ManageIQ vulnerable to DoS Attack when creating TimeProfiles

ManageIQ manageiq

Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation

anthropics claude-code

SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability

dataease SQLBot

ArduinoCore-avr has Stack-Based Buffer Overflow in WString Float/Double Constructors

arduino ArduinoCore-avr

EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization

EVerest everest-core

EVerest allows null session ID to bypass session ID verification

EVerest everest-core

In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing

EVerest everest-core

base64.b64decode() always accepts "+/" characters, despite setting altchars

Python Software Foundation CPython