26 matches found
CVE-2025-41118 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope...
CVE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
CVE-2025-41118

creationtimestamp | type | source
---|---|---
2026-03-26 23:20:03+00:00 | seen | Telegram/8zEAgaRSdVOPVh8YiiaVjapuYDuCzradOizJ-8M58UocKc
2026-04-15 21:08:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjksix6ctm2m
2026-04-15 23:26:09+00:00 | seen | ...

CVE-2026-28377 S3 SSE-C Encryption Key Exposed in Plaintext via Config Endpoint (CVE-2025-41118 Pattern)
A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to williamgoodfellow for reporting this vulnerability...
EUVD-2025-41118
Malicious code in erwin-soto65-apidev npm...
MAL-2025-41118 Malicious code in zucchini-oscar-logx (npm)
The package zucchini-oscar-logx was found to contain malicious code...
CVE-2023-41118
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...
CVE-2024-41118
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7_📦_Web_Map_Service.py takes user input, which is passed to the get_layers function, in which url is used with the get_wms_layer method...
Security Bulletin: Common vulnerabilities fixed in EDB Postgres Advanced Server (EPAS)
Summary Common vulnerabilities fixed in EDB Postgres Advanced Server EPAS Vulnerability Details CVEID:CVE-2023-41113 DESCRIPTION: EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the accesshistory function. By...
CVE-2024-41118

creationtimestamp | type | source
---|---|---
2024-07-26 23:53:42+00:00 | seen | https://t.me/cvedetector/1726...

CVE-2024-41118 streamlit-geospatial blind SSRF in pages/7_📦_Web_Map_Service.py
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the url variable on line 47 of pages/7_📦_Web_Map_Service.py takes user input, which is passed to the get_layers function, in which url is used with the get_wms_layer method...
CVE-2024-41118
The CVE-2024-41118 entry concerns the open-source project streamlit-geospatial, where prior to commit c4f81d9616d40c60584e36abb15300853a66e489 the url variable in pages/7_📦_Web_Map_Service.py accepts user input and passes it into get_layers, which uses get_wms_layer to send requests to arbitrary ...
Security Bulletin: EDB Postgres Advanced Server (EPAS)
Summary This security bulletin identifies a set of common vulnerabilities that have been addressed in EDB Postgres Advanced Server with IBM 15.4. Vulnerability Details CVEID:CVE-2023-41113 DESCRIPTION: EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to obtain...
CVE-2023-41118

creationtimestamp | type | source
---|---|---
2024-01-02 08:36:25+00:00 | seen | https://t.me/ctinow/161566...

CVE-2023-41118
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...
CVE-2023-41118
CVE-2023-41118 affects EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.x prior to 12.16.20, 13.x prior to 13.12.16, 14.x prior to 14.9.0, and 15.x prior to 15.4.0. An authenticated user can bypass authorization when a superuser has configured file locations with CREATE DIRECTOR...
CVE-2022-41118

creationtimestamp | type | source
---|---|---
2022-11-10 00:42:25+00:00 | seen | https://t.me/cibsecurity/52748...

CVE-2022-41118
Windows Scripting Languages Remote Code Execution Vulnerability...
CVE-2022-41118
Technical details about CVE-2022-41118 are not provided in the supplied documents. No product/vendor/version or exploit information is available here. Monitor for updates from official sources; further details and remediation would require vendor advisories.