Lucene search

180 matches found

PyPA
added 2026/05/11 6:16 p.m. | 18 views

PYSEC-2026-58

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated user with the Enterprise Admin ro...

CVSS 8.5 | AI score 5.9 | EPSS 0.00012
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/05/11 6:16 p.m. | 3 views

PYSEC-2026-58

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated user with the Enterprise Admin ro...

CVSS 8.5 | AI score 5.9 | EPSS 0.00012
Exploits: 1 | References: 1

Vulnrichment
added 2026/05/11 5:40 p.m. | 3 views

CVE-2026-42860 Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated user with the Enterprise Admin ro...

CVSS 8.5 | AI score 5.9 | EPSS 0.00012
Exploits: 1 | References: 1

CVE
added 2026/04/14 1:49 a.m. | 13 views

CVE-2026-6264

CVE-2026-6264 affects Talend JobServer and Talend Runtime. An unauthenticated remote code execution is possible via the JMX monitoring port on the JobServer. For mitigation: enable TLS client authentication on the JobServer’s JMX monitoring port and apply the patch for full protection. On Talend ...

CVSS 9.8 | AI score 6.4 | EPSS 0.00083
Exploits: 0 | References: 1

Cvelist
added 2026/03/06 5:40 p.m. | 25 views

CVE-2026-30831 Rocket.Chat: 2FA bypass and login of deactivated users via EE ddp-streamer

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0, authentication vulnerabilities exist in Rocket.Chat's enterprise DDP Streamer service. The Account.login method exposed through the DDP...

CVSS 9.3 | EPSS 0.00159
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/18 1:52 a.m. | 2 views

CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES DriveLock Enterprise Service...

CVSS 9.8 | AI score 6.9 | EPSS 0.00076
Exploits: 0 | References: 1

EUVD
added 2025/12/18 12:34 a.m. | 0 views

EUVD-2025-203992

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES DriveLock Enterprise Service...

CVSS 9.8 | AI score 6.4 | EPSS 0.00076
Exploits: 0 | References: 2

NVD
added 2025/12/17 10:15 p.m. | 1 views

CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES DriveLock Enterprise Service...

CVSS 9.8 | EPSS 0.00076
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/17 12:0 a.m. | 2 views

PT-2025-51924

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1. DriveLock versions 24.2 through 24.2. DriveLock versions 25.1 through 25.1. Description An incomplete configuration related to agent authentication in DriveLock tenants can allow attackers to impersonate a...

CVSS 9.8 | AI score 6.8 | EPSS 0.00076
Exploits: 0 | References: 4

CVE
added 2025/12/17 12:0 a.m. | 5 views

CVE-2025-67791

Summary: CVE-2025-67791 describes an incomplete tenant configuration in DriveLock (versions 24.1.*, 24.2.*, 25.1.*) that allows an attacker to impersonate any DriveLock agent on the network when targeting the DriveLock Enterprise Service (DES). Affected products/versions (as stated): DriveLock 24....

CVSS 9.8 | AI score 6.5 | EPSS 0.00076
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/12/17 12:0 a.m. | 1 views

CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES DriveLock Enterprise Service...

AI score 6.5 | EPSS 0.00076
Exploits: 0 | References: 1

Cvelist
added 2025/12/17 12:0 a.m. | 15 views

CVE-2025-67791

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES DriveLock Enterprise Service...

EPSS 0.00076
Exploits: 0 | References: 1

CNNVD
added 2025/10/16 12:0 a.m. | 3 views

WSO2 Multiple Products Security Vulnerability

WSO2 API Manager is an API lifecycle management solution, WSO2 API Manager Analytics is an analytics component, and WSO2 API Control Plane is a control panel. A security vulnerability exists in a number of WSO2 products. The vulnerability stems from insufficient enforcement of permissions in the...

CVSS 9.6 | AI score 6.5 | EPSS 0.00032
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2010-2483

Malware in sbrugna...

CVSS 3.5 | AI score 6.4 | EPSS 0.00251
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-1543

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00263
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-3626

Malware in sbrugna...

CVSS 7.9 | AI score 6.4 | EPSS 0.00268
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/06/04 9:15 a.m. | 25 views

Security Bulletin: Vulnerability in jjwt may affect IBM Business Automation Workflow - CVE-2024-31033

Summary IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka Java JWT has an unknown impact and attack vector. CVSS Base score: 6.8 CVSS Temporal Score:...

CVSS 6.8 | AI score 6.6 | EPSS 0.00391
Exploits: 0 | Affected Software: 2

RedhatCVE
added 2025/05/22 11:31 a.m. | 5 views

CVE-2013-3693

The BlackBerry Universal Device Service in BlackBerry Enterprise Service BES 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation RMI interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098...

CVSS 7.9 | AI score 7.8 | EPSS 0.00268
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/02/03 10:45 p.m. | 24 views

Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow - CVE-2024-38321

Summary IBM Business Automation Workflow is vulnerable to an information disclosure attack. Vulnerability Details CVEID:CVE-2024-38321 DESCRIPTION: IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations th...

CVSS 6.5 | AI score 5.7 | EPSS 0.00077
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 15 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-45073)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

CVSS 4.8 | AI score 5.9 | EPSS 0.00241
Exploits: 0 | Affected Software: 2