Lucene search

8 matches found

Cvelist
added 2026/04/08 4:43 p.m. · 17 views

CVE-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

CVSS 4.3 · EPSS 0.00025
Exploits 0 · References 1

Positive Technologies
added 2026/04/08 12:00 a.m. · 2 views

PT-2026-31333

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: An incorrect authorization issue in Kibana can lead to cross-space information disclosure through privilege abuse. A user with Fleet agent management privileges in one Kibana space can retriev...

CVSS 4.3 · AI score 5.8 · EPSS 0.00025
Exploits 0 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2006-2561

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.00195
Exploits 0 · References 6

NVD
added 2024/07/17 3:15 p.m. · 10 views

CVE-2024-6834

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requiring an internal client certificate without any credentials. It could lead to managing components in...

CVSS 9 · EPSS 0.00355
Exploits 0 · References 1

CVE
added 2024/07/17 2:44 p.m. · 78 views

CVE-2024-6834

APIML Spring Cloud Gateway is affected by a vulnerability where proxy requests are unexpectedly signed with Zowe’s client certificate, allowing non-privileged users to access endpoints that require an internal client certificate without any credentials. This can enable an attacker to manage compo...

CVSS 9 · AI score 9.1 · EPSS 0.00355
Exploits 0 · References 1

Vulnrichment
added 2024/07/17 2:44 p.m. · 11 views

CVE-2024-6834 Imperative Local Command Injection allows Activity Masking

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. This allows access to a user to the endpoints requiring an internal client certificate without any credentials. It could lead to managing components in...

CVSS 9 · AI score 6.8 · EPSS 0.00355
Exploits 0 · References 1

Positive Technologies
added 2024/07/17 12:00 a.m. · 3 views

PT-2024-37893 · Unknown · Apiml Spring Cloud Gateway

Name of the Vulnerable Software and Affected Versions: APIML Spring Cloud Gateway affected versions not specified Description: A vulnerability in APIML Spring Cloud Gateway allows unauthorized access to endpoints that require an internal client certificate. This occurs because the gateway...

CVSS 9 · AI score 6.8 · EPSS 0.00355
Exploits 0 · References 3

Positive Technologies
added 2006/05/24 12:00 a.m. · 2 views

PT-2006-3505 · Linksys · Linksys Wrt54Gl Wireless-G Broadband Router

Name of the Vulnerable Software and Affected Versions: Linksys WRT54G Wireless-G Broadband Router affected versions not specified Description: The issue allows remote attackers to bypass access restrictions and conduct unauthorized operations. This is achieved via a UPnP request with a modified...

CVSS 7.5 · AI score 6.4 · EPSS 0.00552
Exploits 0 · References 7