14 matches found
CVE-2026-1185
A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...
CVE-2025-61260
A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...
CVE-2026-35533
mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted a...
Local settings bypass config trust checks
Summary: mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted and then reach dangerous directives such as env .source, templates, hooks, or tasks. The...
EUVD-2021-28652
Malicious code in bioql PyPI...
CVE-2024-25738
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
CVE-2023-35890 IBM WebSphere Application Server information disclosure
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...
PT-2023-25365 · IBM · IBM WebSphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0 Description: The issue is caused by improper encoding in a local configuration file, which could provide weaker than expected security. Recommendations: For IBM WebSphere Application...
MELAG FTP Server Information Disclosure Vulnerability
MELAG FTP Server is an FTP server from MELAG Germany. An information disclosure vulnerability exists in MELAG FTP Server version 2.2.0.4, which stems from storing the unencrypted password of an FTP user in a local configuration file. An attacker could exploit this vulnerability to obtain sensitive...
CVE-2021-41639
MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file...
CVE-2021-41637
Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users...
Design/Logic Flaw
MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file...
Potential Privilege Escalation
In case an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1), either by using a different existing vulnerability or in case the internal encryptionKey was exposed, it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the...