751 matches found
GHSA-89X7-5M5M-MCMM Juju has unauthorized update of out-of-scope Vault secrets
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
CVE-2026-32692
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
CVE-2026-32692
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
CVE-2026-32692
The CVE-2026-32692 entry describes an authorization bypass in the Vault secrets back-end of Juju (versions 3.1.6–3.6.18). An authenticated unit agent can perform unauthorized updates to secret revisions, potentially poisoning existing secret revisions within the Vault secret back-end. Metrics ind...
PT-2026-26056
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...
EUVD-2025-208665
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...
CVE-2025-36368
IBM Sterling B2B Integrator and IBM Sterling File Gateway are affected by a SQL injection vulnerability (CVE-2025-36368) in the Dashboard UI affecting versions 6.1.0.0–6.1.2.7_2, 6.2.0.0–6.2.0.5_1, and 6.2.1.0–6.2.1.1_1. The issue allows an administrative user to send crafted SQL statements to vi...
CVE-2025-36368 IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...
MiracleLinux 7 : nbdkit-1.8.0-3.el7 (AXSA:2020-4543:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4543:01 advisory. nbdkit: denial of service due to premature opening of back-end connection CVE-2019-14850 Tenable has extracted the preceding description block directly from...
GHSA-5QW5-WF2Q-F538 ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection
ActiveRecord-JDBC-Adapter AR-JDBC contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the sql.gsub function in lib/arjdbc/jdbc/adapter.rb not properly sanitizing user-supplied input before using it in SQL queries. This may allow a remote attacker to inject or...
Bluspark BLUVOYIX 安全漏洞
Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper back-end API authentication, which could lead to an attacker gaining full access to customer data and completely compromisi...
MiracleLinux 4 : bind-dyndb-ldap-1.1.0-0.9.b1.0.1.AXS4 (AXSA:2012-575:02)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-575:02 advisory. This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP serve...
October CMS 跨站脚本漏洞
October CMS is an open source content management system CMS from October CMS based on PHP and the Laravel web application framework. A cross-site scripting vulnerability exists in October CMS versions prior to 3.7.13 and prior to 4.0.12, which stems from insufficient cleanup and escaping in...
CVE-2021-33688
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained...
CVE-2024-41767
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
EUVD-2025-203470
A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...
CVE-2025-13214 IBM Aspera Orchestrator SQL Injection
IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
X-SpringBoot 安全漏洞
X-SpringBoot is a lightweight Java rapid development platform for czx individual developers. A security vulnerability exists in X-SpringBoot version 6.0, which stems from the unsynchronized front-end and back-end privilege components and could lead to an elevation of privilege attack...