Lucene search

13 matches found

Circl
added 2026/04/14 11:22 p.m. | 0 views

CVE-2026-35196

creationtimestamp | type | source
---|---|---
2026-04-14 23:22:29+00:00 | published-proof-of-concept | Telegram/70ang71mEb6lYSNq2VZHiuuV7i7KfipPcLMkKoGk9-znXQ
2026-04-15 12:08:40+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjjudrmv7g2u...

CVSS 8.8 | AI score 4.8 | EPSS 0.00261
Exploits 1 | References 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-35196

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure...

CVSS 7.8 | AI score 8.1 | EPSS 0.0075
Exploits 1 | References 2
Vulnrichment
added 2024/05/31 5:25 p.m. | 10 views

CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, i...

CVSS 2 | AI score 6.9 | EPSS 0.00094
Exploits 0 | References 7
Cvelist
added 2024/05/31 5:25 p.m. | 21 views

CVE-2024-35196 Slack integration leaks sensitive information in logs in Sentry

Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, i...

CVSS 2 | AI score 3.8 | EPSS 0.00094
Exploits 0 | References 7
CVE
added 2024/05/31 5:25 p.m. | 88 views

CVE-2024-35196

Sentry’s Slack integration leaks sensitive data by logging the incoming request_body, including the deprecated Slack verification token, under specific log patterns. Affected: self-hosted Sentry installations; SaaS users are unaffected. Impact in the public advisories (GHSA, Red Hat, OSV, CVE rec...

CVSS 2 | AI score 3.7 | EPSS 0.00094
Exploits 0 | References 7
Vulnrichment
added 2022/09/20 3:52 p.m. | 3 views

CVE-2022-35196

TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php...

AI score 7.7 | EPSS 0.00141
Exploits 1 | References 2
CVE
added 2022/09/20 3:52 p.m. | 44 views

CVE-2022-35196

CVE-2022-35196 affects TestLink v1.9.20 and is a Cross-Site Request Forgery (CSRF) vulnerability exploitable via the /lib/plan/planView.php endpoint. The incident has a high impact (C/H/I/A) per CVSS 3.1 (8.8) with network attack vector, no privileges required, user interaction required. The conn...

CVSS 8.8 | AI score 8.8 | EPSS 0.00141
Exploits 1 | References 2 | Affected Software 1
OSV
added 2021/06/21 11:15 p.m. | 2 views

CVE-2021-35196

Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an...

CVSS 7.8 | AI score 7.8
Exploits 0 | References 2
CVE
added 2021/06/21 10:21 p.m. | 57 views

CVE-2021-35196

Manuskript ≤ 0.12.0 is affected by insecure deserialization via pickle.load() in settings.py, enabling remote code execution through a crafted settings.pickle inside a project file. The vendor notes the product is not intended for untrusted project files. Exploitation details, affected components...

CVSS 7.8 | AI score 7.9 | EPSS 0.0075
Exploits 1 | References 2 | Affected Software 1
Circl
added 2020/12/17 7:42 a.m. | 0 views

CVE-2020-35196

creationtimestamp | type | source
---|---|---
2020-12-17 07:42:21+00:00 | seen | https://t.me/cibsecurity/20974...

CVSS 10 | AI score 8.7 | EPSS 0.02014
Exploits 0 | References 1
NVD
added 2020/12/17 2:15 a.m. | 10 views

CVE-2020-35196

The official rabbitmq docker images before 3.7.13-beta.1-management-alpine Alpine specific contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank passwor...

CVSS 10 | AI score 9.6 | EPSS 0.02014
Exploits 0 | References 1
CVE
added 2020/12/17 1:20 a.m. | 66 views

CVE-2020-35196

CVE-2020-35196 affects official RabbitMQ Docker images prior to 3.7.13-beta.1-management-alpine (Alpine-specific). The vulnerability is a blank password for the root user, potentially allowing a remote attacker to gain root access within the container. The connected Red Hat and other sources conf...

CVSS 10 | AI score 9.5 | EPSS 0.02014
Exploits 0 | References 1 | Affected Software 1
seebug.org
added 2009/06/05 12:0 a.m. | 112 views

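Apache Tomcat Form Authentication Username Enumeration Vulnerability

BUGTRAQ ID: 35196 CVECAN ID: CVE-2009-0580 Apache Tomcat is a popular open-source JSP application server. Because of insufficient error checking in some authentication classes, a remote attacker who submits an improperly URL-encoded password to the Tomcat server may be able to tell from the response whether the requested username exists. The attack is possible if form-based authentication (jsecuritycheck) is used with any of the following authentication realms: MemoryRealm DataSourceRealm JDBCRealm Apache Group Tomcat 6.0.x Apache Group Tomcat 5.5.x Apache Group...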

CVSS 4.3 | AI score 5.2 | EPSS 0.88173
Exploits 4