1058 matches found
Cockpit Web Console < 360 - Remote Code Execution
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
CVE-2026-57647
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...
CVE-2026-57647
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...
EUVD-2026-39762
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...
CVE-2026-57647 WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.6.1 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...
Zoho ManageEngine - Remote Code Execution
Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...
EUVD-2026-37956
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...
EUVD-2026-37955
Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass...
CVE-2026-8668
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...
CVE-2026-8668
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...
CVE-2026-8668
CVE-2026-8668 concerns Chef 360 prior to v1.7.0, where a static credential embedded in the product allowed unauthenticated access to internal message queues containing tenant-specific identifiers. The underlying issue is a hardcoded credential that enables access without authentication; later ver...
CVE-2026-8668 Hardcoded credentials in embedded content
A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...
CVE-2026-8100
Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass...
CVE-2026-8100
CVE-2026-8100 affects Chef 360. The issue arises from improper handling of URL-encoded paths during request processing, allowing an authenticated request to bypass standard access controls and access higher-privilege API endpoints under certain conditions. Impact is deployment/configuration depen...
PT-2026-50803
Name of the Vulnerable Software and Affected Versions Chef 360 versions prior to 1.7.1 Description Improper handling of URL-encoded paths during request processing can allow unauthorized access to protected API endpoints. An authenticated request may bypass standard access controls to gain...
EUVD-2026-36688
A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...
CVE-2026-12214
Qihoo 360 Total Security 6.0 contains a vulnerability in the RpcStringBindingComposeW function within the Nucleus Engine Monitoring Logic. Manipulating the NetworkAddr argument can cause protection mechanism failure, allowing a local attacker to exploit the issue. The exploit is publicly availabl...
PT-2026-49176
A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...
Malicious code in @tse-digital/core (npm)
Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...
MAL-2026-5157 Malicious code in @tse-digital/core (npm)
Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...