๐จ CVE-2024-57854
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.
Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.
Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.
๐@cveNotify
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.
Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.
Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.
๐@cveNotify
๐จ CVE-2025-66605
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
Since there are input
fields on this webpage with the autocomplete attribute enabled, the input
content could be saved in the browser the user is using.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
๐@cveNotify
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
Since there are input
fields on this webpage with the autocomplete attribute enabled, the input
content could be saved in the browser the user is using.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
๐@cveNotify
๐จ CVE-2025-66606
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
properly encode URLs. An attacker could tamper with web pages or execute
malicious scripts.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
๐@cveNotify
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
This product does not
properly encode URLs. An attacker could tamper with web pages or execute
malicious scripts.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
๐@cveNotify
๐จ CVE-2026-25884
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
๐@cveNotify
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
๐@cveNotify
GitHub
Merge pull request #3462 from kevinbackhouse/fix-ghsa-9mxq-4j5g-5wrp ยท Exiv2/exiv2@cbba4d2
Fix out-of-bounds read in CrwMap::decode0x0805
๐จ CVE-2026-27631
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.
๐@cveNotify
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8.
๐@cveNotify
GitHub
Merge pull request #3514 from kevinbackhouse/fix-issue-3513 ยท Exiv2/exiv2@659db31
Add enforce to check for integer overflow
๐จ CVE-2025-66602
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The web server accepts
access by IP address. When a worm that randomly searches for IP addresses
intrudes into the network, it could potentially be attacked by the worm.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
๐@cveNotify
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The web server accepts
access by IP address. When a worm that randomly searches for IP addresses
intrudes into the network, it could potentially be attacked by the worm.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
๐@cveNotify
๐จ CVE-2025-66603
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The web server accepts
the OPTIONS method. An attacker could potentially use this information to carry
out other attacks.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
๐@cveNotify
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The web server accepts
the OPTIONS method. An attacker could potentially use this information to carry
out other attacks.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
๐@cveNotify
๐จ CVE-2025-66604
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The library version
could be displayed on the web page. This information could be exploited by an
attacker for other attacks.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
๐@cveNotify
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
The library version
could be displayed on the web page. This information could be exploited by an
attacker for other attacks.
The
affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to
R10.04
๐@cveNotify
๐จ CVE-2026-2975
A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
๐@cveNotify
A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
๐@cveNotify
GitHub
Vulnerabilities/fastapi-admin/vulnerability-1 at master ยท CC-T-454455/Vulnerabilities
Or2 | Or2 | Or2. Contribute to CC-T-454455/Vulnerabilities development by creating an account on GitHub.
๐จ CVE-2026-2976
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint. This manipulation of the argument file_path causes information disclosure. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
๐@cveNotify
A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint. This manipulation of the argument file_path causes information disclosure. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
๐@cveNotify
GitHub
Vulnerabilities/fastapi-admin/vulnerability-2 at master ยท CC-T-454455/Vulnerabilities
Or2 | Or2 | Or2. Contribute to CC-T-454455/Vulnerabilities development by creating an account on GitHub.
๐จ CVE-2026-2977
A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
GitHub
Vulnerabilities/fastapi-admin/vulnerability-3 at master ยท CC-T-454455/Vulnerabilities
Or2 | Or2 | Or2. Contribute to CC-T-454455/Vulnerabilities development by creating an account on GitHub.
๐จ CVE-2026-2978
A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used.
๐@cveNotify
A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used.
๐@cveNotify
GitHub
Vulnerabilities/fastapi-admin/vulnerability-4 at master ยท CC-T-454455/Vulnerabilities
Or2 | Or2 | Or2. Contribute to CC-T-454455/Vulnerabilities development by creating an account on GitHub.
๐จ CVE-2026-2979
A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user_avatar_upload_controller of the file /backend/app/api/v1/module_system/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.
๐@cveNotify
A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user_avatar_upload_controller of the file /backend/app/api/v1/module_system/user/controller.py of the component Scheduled Task API. Executing a manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.
๐@cveNotify
GitHub
Vulnerabilities/fastapi-admin/vulnerability-5 at master ยท CC-T-454455/Vulnerabilities
Or2 | Or2 | Or2. Contribute to CC-T-454455/Vulnerabilities development by creating an account on GitHub.
๐จ CVE-2026-27167
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string `"-v4"`, making the payload trivially decodable. Version 6.6.0 fixes the issue.
๐@cveNotify
Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user visits `/login/huggingface`, the server retrieves its own Hugging Face access token via `huggingface_hub.get_token()` and stores it in the visitor's session cookie. If the application is network-accessible, any remote attacker can trigger this flow to steal the server owner's HF token. The session cookie is signed with a hardcoded secret derived from the string `"-v4"`, making the payload trivially decodable. Version 6.6.0 fixes the issue.
๐@cveNotify
GitHub
Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret
## Summary
Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user vis...
Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. `gr.LoginButton`) are used. When a user vis...
๐จ CVE-2026-28414
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
๐@cveNotify
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed the definition of `os.path.isabs` so that root-relative paths like `/windows/win.ini` on Windows are no longer considered absolute paths, resulting in a vulnerability in Gradio's logic for joining paths safely. This can be exploited by unauthenticated attackers to read arbitrary files from the Gradio server, even when Gradio is set up with authentication. Version 6.7 fixes the issue.
๐@cveNotify
GitHub
Gradio Absolute Path Traversal on Windows with Python 3.13+
### Summary
Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. ...
Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. ...
๐จ CVE-2026-28415
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host.
๐@cveNotify
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback endpoints on Gradio apps with OAuth enabled (i.e. apps running on Hugging Face Spaces with gr.LoginButton). Starting in version 6.6.0, the _target_url parameter is sanitized to only use the path, query, and fragment, stripping any scheme or host.
๐@cveNotify
GitHub
Open Redirect in OAuth Flow
# Summary
The _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /log...
The _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /log...
๐จ CVE-2026-28416
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure. Version 6.6.0 fixes the issue.
๐@cveNotify
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses `gr.load()` to load an attacker-controlled Space, the malicious `proxy_url` from the config is trusted and added to the allowlist, enabling the attacker to access internal services, cloud metadata endpoints, and private networks through the victim's infrastructure. Version 6.6.0 fixes the issue.
๐@cveNotify
GitHub
SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing
### Summary
A Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a...
A Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a...
๐จ CVE-2026-2599
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'download_csv' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
๐@cveNotify
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'download_csv' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
๐@cveNotify
๐จ CVE-2026-22701
filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition between the permission validation and file creation to cause lock operations to fail or behave unexpectedly. The vulnerability occurs in the _acquire() method between raise_on_not_writable_file() (permission check) and os.open() (file creation). During this race window, an attacker can create a symlink at the lock file path, potentially causing the lock to operate on an unintended target file or leading to denial of service. This issue has been patched in version 3.20.3.
๐@cveNotify
filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition between the permission validation and file creation to cause lock operations to fail or behave unexpectedly. The vulnerability occurs in the _acquire() method between raise_on_not_writable_file() (permission check) and os.open() (file creation). During this race window, an attacker can create a symlink at the lock file path, potentially causing the lock to operate on an unintended target file or leading to denial of service. This issue has been patched in version 3.20.3.
๐@cveNotify
GitHub
Fix TOCTOU symlink vulnerability in SoftFileLock ยท tox-dev/filelock@255ed06
Add O_NOFOLLOW flag to prevent symlink attacks. The vulnerability existed
between the permission check and the actual file creation, allowing an
attacker to create a symlink at the lock path.
How ...
between the permission check and the actual file creation, allowing an
attacker to create a symlink at the lock path.
How ...
๐จ CVE-2026-22772
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF. This vulnerability is fixed in 1.8.5.
๐@cveNotify
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF. This vulnerability is fixed in 1.8.5.
๐@cveNotify
GitHub
Add anchors when matching meta issuer regexp (GHSA-59jp-pj84-45mr) (#โฆ ยท sigstore/fulcio@eaae2f2
โฆ2263)
Without these anchors, URLs where the issuer is not the host could be
matched. This can result in server side request forgery, where the OIDC
library will query the well-known or JWKS URIs....
Without these anchors, URLs where the issuer is not the host could be
matched. This can result in server side request forgery, where the OIDC
library will query the well-known or JWKS URIs....
๐จ CVE-2026-22694
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response for a site it was not authorized to access. The issue involved incomplete validation of calling app identity, origin, and RP ID in the Android credential provider. This issue was fixed in AliasVault Android 0.25.3.
๐@cveNotify
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response for a site it was not authorized to access. The issue involved incomplete validation of calling app identity, origin, and RP ID in the Android credential provider. This issue was fixed in AliasVault Android 0.25.3.
๐@cveNotify
GitHub
Add additional loading message feedback during passkey verification (โฆ ยท aliasvault/aliasvault@b335047
โฆ#1440)