45 matches found
EUVD-2026-36135
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...
CVE-2026-0267
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...
CVE-2026-0267
CVE-2026-0267 affects the Palo Alto Networks GlobalProtect app on macOS. It is described as an information exposure vulnerability where a local user can learn the passcodes used to disable, disconnect, or uninstall the app, enabling those actions despite configuration restrictions. The provided d...
CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...
CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...
PT-2026-48528
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...
CVE-2018-25361
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability via database injection. A local attacker can inject pre-encrypted database entries using a constant encryption key to remove passcodes and unlock the client, gaining access to all stored data, chats, images, and files w...
PT-2026-43214
Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unloc...
Runtipi 安全漏洞
Runtipi is an open-source family server orchestrator developed by Runtipi. Versions of Runtipi prior to 4.8.1 contained security vulnerabilities. These vulnerabilities stemmed from the/api/auth/verify-totp endpoint, which did not enforce any rate limits or account locking mechanisms. This allowed...
CVE-2025-23168
The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication 2FA using One-Time Passcodes OTP delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the O...
EUVD-2025-18669
Malicious code in bioql PyPI...
EUVD-2022-39266
Malicious code in bioql PyPI...
EUVD-2024-0163
Malicious code in bioql PyPI...
Versa Networks Versa Director multiple vulnerabilities
RISK EVALUATION Versa Networks Versa Director contains a variety of vulnerabilities. In the most severe cases, a remote, unauthenticated attacker could execute arbitrary code with administrative privileges. 2. RECOMMENDED PRACTICES Upgrade to fixed versions of Versa Director. See...
CVE-2025-23168
The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication 2FA using One-Time Passcodes OTP delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the O...
CVE-2025-23168
The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication 2FA using One-Time Passcodes OTP delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the O...
CVE-2025-23168
The CVE-2025-23168 entry describes a vulnerability in Versa Director SD-WAN’s 2FA via OTP over email/SMS. The authenticated attacker can abuse untrusted input when dispatching OTPs to redirect delivery to their device, enabling interception of codes. OTP/TOTP codes are not invalidated after use, ...
CVE-2025-23168
The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication 2FA using One-Time Passcodes OTP delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the O...
CVE-2022-36560
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh...
Sensitive Information Disclosure
snowflakeconnectorpython is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Connector logging Duo passcodes and Azure SAS tokens when the logging level is set to DEBUG, and bugs in the SecretDetector logging formatter that failed to fully redact JWT tokens and...