Code injection in OneUptime monitoring via custom JS monitor using vm module. PoC and patch available.
Node.js
Redis
Oneuptime
NVD
GitHub
CVSS 3.1
9.9
EPSS
0.1%
Arbitrary host file exfiltration from Cloud Hypervisor VMM versions 34.0-50.0. CVSS 10.0. Patch available.
KVM
Linux
Information Disclosure
Path Traversal
Docker
+2
NVD
GitHub
CVSS 3.1
10.0
EPSS
0.0%
RCE in D-Tale pandas data visualizer before 3.20.0 via /save-column-filter. Patch available.
RCE
AI / ML
D Tale
NVD
GitHub
CVSS 3.1
9.8
EPSS
0.4%
SAML authentication bypass in Sentry 21.12.0 through 26.1.0.
Authentication Bypass
Sentry
NVD
GitHub
VulDB
CVSS 3.1
9.1
EPSS
0.1%
Missing authorization in ERPNext ERP before 15.98.0/16.6.0. Patch available.
Authentication Bypass
Erpnext
NVD
GitHub
CVSS 3.1
9.1
EPSS
0.0%