
109 matches found

CVE
added 2026/04/27 9:45 a.m., 14 views

CVE-2026-7112

CVE-2026-7112 affects NousResearch hermes-agent 0.8.0. The vulnerability is in the API_SERVER_KEY Handler’s function _check_auth within gateway/platforms/api_server.py, causing improper authentication. It can be triggered remotely, with a high attack complexity and partial confidentiality/integri...

CVSS: 6.3 | AI score: 5.2 | EPSS: 0.0036
Exploits: 0 | References: 6

Cvelist
added 2026/03/03 10:8 p.m., 24 views

CVE-2026-25146 OpenEMR's payments gateway_api_key secret rendered into client JS code

OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are at least two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary...

CVSS: 9.6 | EPSS: 0.00444
Exploits: 1 | References: 4

CVE
added 2026/03/03 10:8 p.m., 13 views

CVE-2026-25146

OpenEMR is affected from version 5.0.2 up to, but not including, 8.0.0. In at least two code paths, the gateway_api_key secret value is rendered in plaintext in client-side JavaScript, exposing the key used to authorize payment gateway APIs. This leakage can enable arbitrary money movements or br...

CVSS: 9.6 | AI score: 6 | EPSS: 0.00444
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2026/03/03 10:8 p.m., 6 views

EUVD-2026-9329

OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are at least two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary...

CVSS: 9.6 | AI score: 6 | EPSS: 0.00444
Exploits: 1 | References: 4

RedHat Linux
added 2026/02/23 5:39 p.m., 10 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.2

Red Hat OpenShift Service Mesh 3.2.2. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.2....

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00451
Exploits: 2 | References: 3

RedhatCVE
added 2026/01/09 8:44 a.m., 9 views

CVE-2022-23443

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.0118
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-45777

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00705
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-26894

Malicious code in bioql PyPI...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00767
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-2632

Malicious code in bioql PyPI...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00535
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-28518

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0118
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-1875

Malicious code in bioql PyPI...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00305
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-7997

Malicious code in bioql PyPI...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.0021
Exploits: 0 | References: 4

Tenable Nessus
added 2025/09/06 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-30162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services an...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.0021
Exploits: 0 | References: 2

RedHat Linux
added 2025/08/04 6:2 p.m., 3 views

python3.11-django-ansible-base: Sensitive Authenticator Secrets Returned in Clear Text via API in AAP

A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users...

CVSS: 4.4 | AI score: 5.7 | EPSS: 0.00199
Exploits: 0 | References: 6

OSV
added 2025/07/31 2:15 p.m., 5 views

CVE-2025-7738

A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users...

CVSS: 4.4 | AI score: 6.3 | EPSS: 0.00199
Exploits: 0 | References: 5

CNNVD
added 2025/07/08 12:0 a.m., 3 views

Quiter Gateway Cross-Site Scripting Vulnerability

Quiter Gateway is an API interface from Quiter Spain. A cross-site scripting vulnerability exists in Quiter Gateway versions prior to 4.7.0, which stems from the presence of reflective cross-site scripting in the idfactura parameter, which could lead to the execution of malicious code...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.00201
Exploits: 0 | References: 1

Positive Technologies
added 2025/05/12 12:0 a.m., 2 views

PT-2025-20709 · Schweitzer Engineering Laboratories · Sel-5037 Sel Grid Configurator

Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-5037 Grid Configurator versions prior to 6.4.0.58. Description: The issue is related to an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application...

CVSS: 7.4 | AI score: 6.3 | EPSS: 0.00147
Exploits: 0 | References: 6

Veracode
added 2025/04/03 6:48 a.m., 10 views

Incorrect Authorization

github.com/cilium/cilium is vulnerable to Incorrect Authorization. The vulnerability is due to improper enforcement of egress restrictions due to a misconfiguration where egress traffic to LoadBalancers deployed via Gateway API is incorrectly allowed, despite network policies blocking such traffi...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.0021
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/03/26 7:14 a.m., 11 views

BIT-HUBBLE-RELAY-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

CVSS: 4.3 | AI score: 3.6 | EPSS: 0.0021
Exploits: 0 | References: 4

OSV
added 2025/03/26 7:8 a.m., 8 views

BIT-CILIUM-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

CVSS: 4.3 | AI score: 3.6 | EPSS: 0.0021
Exploits: 0 | References: 4