CVE-2024-12866
A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code execution by retrieving private SSH keys, reading private files, source code, and configuration...
CVE-2024-10948
A vulnerability in the upload function of binary-husky/gptacademic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...
containers-common bug fix update
An update is available for containers-common. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This package contains common configuration files and documentation...
CVE-2025-27926
In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users...
CVE-2025-27926
CVE-2025-27926 affects Nintex Automation versions 5.6–5.7 prior to 5.8. The vulnerability arises from configuration files in the K2 SmartForms Designer folder (web.config) containing passwords that are readable by unauthorized users due to misconfiguration. This leads to potential exposure of cre...
PT-2025-10645
Name of the Vulnerable Software and Affected Versions: Nintex Automation versions 5.6 through 5.7. Description: The issue concerns configuration files in the K2 SmartForms Designer folder that contain passwords readable by unauthorized users. Recommendations: For Nintex Automation versions 5.6 throug...
CVE-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...
CVE-2024-51961
There is a local file inclusion vulnerability in ArcGIS Server 11.3 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server. Due to the nature of the files...
CVE-2025-1091
A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known...
CVE-2025-1091
CVE-2025-1091 is tied to Tenable Identity Exposure before version 3.77.9, where a Broken Authorization issue allowed any authenticated user to download IOA scripts and configuration files if the URL is known. Publicly available documents indicate the vulnerability is addressed in Tenable’s adviso...
CVE-2025-1091 Broken Authorization Schema
A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known...
CVE-2024-45673
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user...
CVE-2024-45673 IBM Security Verify Bridge information disclosure
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user...
CVE-2024-45673
IBM Security Verify Bridge vulnerabilities CVE-2024-45673 (and related CVE-2024-45674) affect IBM Security Verify Bridge Directory Sync (versions 1.0.1–1.0.12), IBM Security Verify Gateway for Windows Login (1.0.1–1.0.10), and IBM Security Verify Gateway for Radius (1.0.1–1.0.11). The root cause ...
PT-2025-7417 · IBM · IBM Security Verify Gateway for Windows Login +2
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Bridge Directory Sync versions 1.0.1 through 1.0.12; IBM Security Verify Gateway for Windows Login versions 1.0.1 through 1.0.10; IBM Security Verify Gateway for Radius versions 1.0.1 through 1.0.11. Description: The issue...
Oracle Linux 8 : container-tools:ol8 (ELSA-2025-1372)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1372 advisory. aardvark-dns buildah 2:1.33.12-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.33...