10 matches found
CVE-2026-42223
Nginx UI (nginx-ui) before version 2.3.8 exposes sensitive settings through the GetSettings API. The handler serializes all settings structs to JSON and returns them to authenticated users, while the protected:"true" tag is only enforced on writes, not reads. This leaks 40+ protected fields, incl...
EUVD-2023-24093
Malicious code in bioql PyPI...
CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server...
Malicious Package
Overview: jose-openid-client is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
@financialforcedev/orizuru-auth (=3.0.4), @kognifai/oidc-provider-fork (=2.5.1) +7 more potentially affected by CVE-2018-0114 via node-jose (=0.10.0)
node-jose NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-jose and may be impacted: - @financialforcedev/orizuru-auth =3.0.4 - @kognifai/oidc-provider-fork =2.5.1 - @kognifai/poseidon-dev-host =2.0.0, =0.0.1, =2.4.0, =1.16.0,...
JFrog < 7.10.1 Multiple Vulnerabilities
According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.10.1. It is, therefore, affected by multiple vulnerabilities: - Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may...
CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability...
CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability...
CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability...
XXE in OpenID client application - CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability. This issue was addressed by disabling the OpenID client application in Crowd. Please ...