https://0.0.0.0:10001 Contains only the most 10 recent entries. http://www.rssboard.org/rss-specification python-feedgen en Wed, 13 May 2026 18:25:17 +0000 https://0.0.0.0:10001/vuln/ghsa-m2m6-cff5-3w7c RedwoodSDK has Same-site CSRF through lack of origin validation in its server actions RedwoodSDK has Same-site CSRF through lack of origin validation in its server actions https://0.0.0.0:10001/vuln/ghsa-m2m6-cff5-3w7c Fri, 24 Apr 2026 15:36:52 +0000 https://0.0.0.0:10001/vuln/ghsa-f5v4-2wr6-hqmg russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler https://0.0.0.0:10001/vuln/ghsa-f5v4-2wr6-hqmg Fri, 24 Apr 2026 15:39:37 +0000 https://0.0.0.0:10001/vuln/ghsa-mrxx-39g5-ph77 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field https://0.0.0.0:10001/vuln/ghsa-mrxx-39g5-ph77 Fri, 24 Apr 2026 15:41:21 +0000 https://0.0.0.0:10001/vuln/ghsa-x92x-px7w-4gx4 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field https://0.0.0.0:10001/vuln/ghsa-x92x-px7w-4gx4 Fri, 24 Apr 2026 15:41:42 +0000 https://0.0.0.0:10001/vuln/ghsa-xff3-5c9p-2mr4 New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud https://0.0.0.0:10001/vuln/ghsa-xff3-5c9p-2mr4 Fri, 24 Apr 2026 15:43:25 +0000 https://0.0.0.0:10001/vuln/ghsa-38c5-483c-4qqp Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior https://0.0.0.0:10001/vuln/ghsa-38c5-483c-4qqp Fri, 24 Apr 2026 15:57:36 +0000 https://0.0.0.0:10001/vuln/ghsa-v638-38fc-rhfv AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache https://0.0.0.0:10001/vuln/ghsa-v638-38fc-rhfv Fri, 24 Apr 2026 15:59:17 +0000 https://0.0.0.0:10001/vuln/ghsa-f5c8-m5vw-rmgq nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields https://0.0.0.0:10001/vuln/ghsa-f5c8-m5vw-rmgq Fri, 24 Apr 2026 16:00:09 +0000 https://0.0.0.0:10001/vuln/ghsa-xqmj-j6mv-4862 LiteLLM: Server-Side Template Injection in /prompts/test endpoint LiteLLM: Server-Side Template Injection in /prompts/test endpoint https://0.0.0.0:10001/vuln/ghsa-xqmj-j6mv-4862 Fri, 24 Apr 2026 16:02:42 +0000 https://0.0.0.0:10001/vuln/ghsa-qc5p-3mg5-9fh8 Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources Avo: Broken Access Control Through Unauthorized Execution of Arbitrary Action Classes Across Resources https://0.0.0.0:10001/vuln/ghsa-qc5p-3mg5-9fh8 Fri, 24 Apr 2026 16:11:28 +0000