30 matches found

RedhatCVE
added 2026/03/26 3:2 p.m. | 1 view

CVE-2026-32693

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret...

CVSS 8.8 | AI score 5.8 | EPSS 0.00081
Exploits: 1 | References: 1
OSV
added 2026/03/19 5:32 p.m. | 2 views

GHSA-89X7-5M5M-MCMM Juju has unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

CVSS 7.6 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 4
EUVD
added 2026/03/19 12:42 p.m. | 1 view

EUVD-2026-12815

Juju affected by timing ownership claim attack on new external back-end secrets...

CVSS 5.3 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2
OSV
added 2026/03/19 12:42 p.m. | 2 views

GHSA-GFGR-6HRJ-85WW Juju affected by timing ownership claim attack on new external back-end secrets

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

CVSS 5.3 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 3
UbuntuCve
added 2026/03/18 1:16 p.m. | 1 view

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

CVSS 7.6 | AI score 6.4 | EPSS 0.0004
Exploits: 0 | References: 2
CVE
added 2026/03/18 12:55 p.m. | 6 views

CVE-2026-32694

The CVE-2026-32694 vulnerability affects Juju (versions 3.0.0 through 3.6.18). It arises when a secret owner grants a secret to a grantee and relies solely on a predictable secret XID to verify ownership. A malicious grantee who can request secrets can predict past secrets granted by the same own...

CVSS 6.6 | AI score 5.8 | EPSS 0.0006
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/03/18 12:47 p.m. | 0 views

CVE-2026-32693 Unauthorized access to Kubernetes secrets in Juju

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret...

CVSS 8.8 | AI score 5.8 | EPSS 0.00081
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/18 12:35 p.m. | 0 views

CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

CVSS 7.6 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 1
Cvelist
added 2026/03/18 12:28 p.m. | 27 views

CVE-2026-32691 Timing ownership claim attack on new external back-end secrets

A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated as another unit...

CVSS 5.3 | EPSS 0.00016
Exploits: 0 | References: 1
CNNVD
added 2026/03/18 12:0 a.m. | 2 views

Juju Security Vulnerability

Juju is Canonical's open-source application orchestration engine. Juju versions 3.1.6 through 3.6.18 contain a security vulnerability that stems from an authorization bypass in the Vault secrets back-end implementation, which may allow authenticated unit agents to execute...

CVSS 7.6 | AI score 6.5 | EPSS 0.0004
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/06 2:22 a.m. | 3 views

CVE-2025-22733

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro (my-auctions-allegro-free-edition) allows Reflected XSS. This issue affects My auctions allegro: from n/a through <= 3.6.18...

CVSS 7.1 | AI score 7.2 | EPSS 0.00131
Exploits: 0 | References: 1
CNNVD
added 2025/01/21 12:0 a.m. | 1 view

WordPress plugin My auctions allegro Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 7.1 | AI score 7.7 | EPSS 0.00131
Exploits: 0 | References: 2
Positive Technologies
added 2025/01/21 12:0 a.m. | 1 view

PT-2025-4657 · WordPress · Wphocus My Auctions Allegro

Name of the Vulnerable Software and Affected Versions: WPHocus My auctions allegro versions 3.6.18 and earlier
Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This means an attacker can inject malicious scripts into the...

CVSS 7.1 | AI score 9.2 | EPSS 0.00131
Exploits: 0 | References: 5
Patchstack
added 2025/01/15 12:15 p.m. | 1 view

WordPress My auctions allegro Plugin <= 3.6.18 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin My auctions allegro versions <= 3.6.18...

CVSS 7.1 | AI score 6.1 | EPSS 0.00131
Exploits: 0 | Affected Software: 1
OSV
added 2024/03/26 8:15 a.m. | 1 view

AZL-42552 CVE-2023-6175 affecting package wireshark for versions less than 4.4.7-1

NetScreen file parser crash in Wireshark 4.0.0 to 4.0.10 and 3.6.0 to 3.6.18 allows denial of service via crafted capture file...

CVSS 7.8 | AI score 7.1 | EPSS 0.00045
Exploits: 0 | References: 1
Positive Technologies
added 2023/11/15 12:0 a.m. | 2 views

PT-2023-7176 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.18; Wireshark versions 4.0.0 through 4.0.10
Description: The issue is related to a NetScreen file parser crash in Wireshark, which can be exploited to cause a denial of service via a crafted capture file...

CVSS 9.8 | AI score 7.2 | EPSS 0.02494
Exploits: 36 | References: 197
OSV
added 2018/01/23 6:29 p.m. | 1 view

CVE-2018-5359

The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow...

CVSS 8.1 | AI score 5.8
Exploits: 0 | References: 2
NVD
added 2018/01/23 6:29 p.m. | 9 views

CVE-2018-5359

The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow...

CVSS 9.3 | AI score 8 | EPSS 0.29265
Exploits: 4 | References: 2
CVE
added 2018/01/23 6:0 p.m. | 49 views

CVE-2018-5359

CVE-2018-5359 affects Flexense SysGauge Server 3.6.18, running on port 9221. The server is vulnerable to a remote buffer overflow that can grant system‑level access to an unauthenticated attacker. Public exploits exist (e.g., Exploit-DB, PacketStorm) demonstrating unauthenticated remote buffer ov...

CVSS 9.3 | AI score 8 | EPSS 0.29265
Exploits: 4 | References: 2 | Affected Software: 1
CNVD
added 2018/01/16 12:0 a.m. | 2 views

Flexense SysGauge Buffer Overflow Vulnerability

Flexense SysGauge is a suite of free system performance monitoring applications from Flexense USA. A buffer overflow vulnerability exists in the server in Flexense SysGauge version 3.6.18. When running on port 9221, a remote attacker can exploit this vulnerability to gain system-level access...

CVSS 9.3 | AI score 7.6 | EPSS 0.29265
Exploits: 4 | References: 1