Security Vulnerabilities
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple socket script. An attacker who connects to a ZAI-Shell P2P session running in --no-ai mode can send arbitrary system commands. If the host user approves the command without reviewing its contents, the command executes directly with the user's privileges, bypassing all Sentinel safety checks. This vulnerability is fixed in 9.0.3.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-02-09
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is fixed in 0.6.20 and 0.7.2.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-02-09
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-02-09
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-09
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-02-09
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-02-09
Tanium addressed a local privilege escalation vulnerability in Tanium Server.
CVSS Score
6.7
EPSS Score
0.0
Published
2026-02-09
Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-09
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks).
CVSS Score
9.1
EPSS Score
0.001
Published
2026-02-09
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks). For example, this can be used to return all results for an assessment.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-02-09