59 matches found
CVE-2026-3277
The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...
CVE-2026-3277
The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...
CVE-2026-3277
The vulnerability CVE-2026-3277 affects PowerShell Universal prior to version 2026.1.3, where the OpenID Connect (OIDC) client secret is stored in cleartext in the .universal/authentication.ps1 script. An attacker with read access to that file can obtain the OIDC client credentials, leading to po...
CVE-2026-3277
The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...
CVE-2026-3277
The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...
PT-2026-22344
The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...
CVE-2023-49213
The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1...
CVE-2026-0618
Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13...
CVE-2026-0618
Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13...
CVE-2026-0618
Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13...
CVE-2026-0618
Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13...
CVE-2026-0618
Devolutions PowerShell Universal is affected by a Cross-site Scripting vulnerability tracked as CVE-2026-0618. Vulnerable versions are before 4.5.6 and before 5.6.13. Root cause: improper input neutralization in user-supplied data, enabling script execution in web pages viewed by other users. Imp...
Devolutions PowerShell Universal 安全漏洞
Devolutions PowerShell Universal is a comprehensive PowerShell platform from Devolutions Canada. A security vulnerability exists in Devolutions PowerShell Universal versions prior to 4.5.6 and prior to 5.6.13 that stems from improper input neutralization and could lead to a cross-site scripting...
PT-2026-1962
Name of the Vulnerable Software and Affected Versions Devolutions PowerShell Universal versions prior to 4.5.6 Devolutions PowerShell Universal versions prior to 5.6.13 Description A cross-site scripting issue exists in Devolutions PowerShell Universal. This allows for potential malicious code...
EUVD-2022-48091
Malicious code in bioql PyPI...
EUVD-2023-53216
Malicious code in bioql PyPI...
EUVD-2022-48092
Malicious code in bioql PyPI...
CVE-2024-50616
Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information...
CVE-2022-45184
The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafte...
CVE-2022-45183
Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6...