24 matches found
PT-2026-44891
OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without proper scope validation. Attackers with chat command access can create setup codes to enroll...
OpenBao's Namespace Deletion May Not Delete Data Properly
Impact When OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving unrelated storage entries around. Patches This will be patched in OpenBao...
PT-2026-37251
Name of the Vulnerable Software and Affected Versions: OpenBao versions prior to 2.5.3. Description: An issue exists in the identity-based secrets management system where an initial failure during namespace deletion causes subsequent retries to fail to remove all data before the namespace is marked ...
CVE-2022-31112
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...
CVE-2024-21635
Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stays valid instead of expiring. If a user finds that their account has been compromised, they can update the...
EUVD-2024-37278
Malicious code in bioql PyPI...
Log Files Associated With Deleted Jobs or Tenants Are Not Automatically Deleted
Challenge: The diagnostic log files created by Veeam Backup & Replication / Veeam Cloud Connect that are associated with a deleted or disabled job, repository, or tenant are not automatically removed and remain on disk taking up space. Cause: This is expected behavior as log file management only...
Apache Struts file upload path traversal
Added: 12/20/2024. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: A directory traversal vulnerability in Apache...
CVE-2024-38360
Discourse (3.2.x) is affected by a Denial of Service via the Watched Words feature. The issue arises when a moderator creates replacement words with an almost unlimited length, which can exhaust resources and reduce availability. Remediation is to upgrade to Discourse 3.2.3 or newer betas; for th...
CVE-2024-39869
Siemens SINEMA Remote Connect Server is affected: all versions prior to V3.2 SP1 allow uploading certificates, and an authenticated attacker can upload crafted certificates that cause a permanent Denial-of-Service. The vulnerability stems from improper handling during certificate upload (unusual/...
BIT-ARGO-CD-2023-40029
Argo CD is a declarative continuous deployment tool for Kubernetes. Argo CD cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in the kubectl.kubernetes.io/last-applied-configuration annotation. Pull request 7139 introduced the ability ...
DEBIAN-CVE-2022-37186
In LemonLDAP::NG before 2.0.15, some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically...
UBUNTU-CVE-2022-37186
In LemonLDAP::NG before 2.0.15, some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically...
CVE-2022-37186
In LemonLDAP::NG before 2.0.15, some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically...
SUSE CVE-2022-36062
Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafa...
CVE-2022-37439
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malform...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...
PT-2022-15910 · Netapp · Storagegrid
Name of the Vulnerable Software and Affected Versions: StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0. Description: The issue allows disabled, expired, or locked external user accounts to access S3 data to which they previously had access. In StorageGRID 11.6.0, the user accoun...
Hijackthis - A Free Utility That Finds Malware, Adware And Other Security Threats
HiJackThis Fork is a free utility for Microsoft Windows that scans your computer for settings changed by adware, spyware, malware and other unwanted programs. HiJackThis Fork primarily detects hijacking methods rather than comparing items against a pre-built database. This allows it to detect new...
Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page
Issue Summary: Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page and the Global Permissions page. Steps to Reproduce: Create a new group named "newtestgroup"; add a user to the group; add the Group Access for "newtestgroup" under t...