364 matches found
EUVD-2023-1181
Malicious code in bioql PyPI...
CVE-2012-10042
CVE-2012-10042 affects Sflog! CMS 1.0 via an authenticated file-upload vulnerability in the blog management interface (manage.php). With default credentials (admin:secret), authenticated users can upload files to blogs/download/uploads/, where the upload validation is insufficient, enabling a PHP...
CVE-2025-6943
Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables...
CVE-2025-6942
The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine...
CVE-2025-6943
Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables...
CVE-2025-6943
Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables...
CVE-2025-6942
The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine...
CVE-2025-6942
The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine...
CVE-2025-6942
The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine...
CVE-2025-6942
Affected product: Delinea Secret Server distributed engine. Versions 8.4.39.0 and earlier (within Secret Server 11.7.49 and earlier) are vulnerable. Root cause: insufficient validation during the initial authorization event, enabling impersonation of another distributed engine. Impact: attacker c...
CVE-2025-6943
Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables...
CVE-2025-6943
The CVE-2025-6943 entry relates to Delinea Secret Server (Thycotic Secret Server) versions 11.7 and earlier. A SQL report creation vulnerability arises from insufficient validation of SQL report creation, enabling an administrator to access restricted tables. The impact is limited to local/admin ...
PT-2025-27646 · Thycotic · Thycotic Secret Server
Name of the Vulnerable Software and Affected Versions: Thycotic Secret Server versions 11.7 and earlier Description: The issue allows an administrator to gain access to restricted tables through a SQL report creation vulnerability. Recommendations: For Thycotic Secret Server versions 11.7 and...
Delinea Secret Server 安全漏洞
Delinea Secret Server is a powerful PAM in the cloud or locally from Delinea USA. A security vulnerability exists in Delinea Secret Server version 11.7 and earlier, which stems from insufficient validation of SQL report creation and could lead to administrator access to restricted tables...
PT-2025-27658 · Unknown · Secret Server
Name of the Vulnerable Software and Affected Versions: Secret Server versions 11.7.49 and earlier Description: The distributed engine of Secret Server can be exploited during an initial authorization event, allowing an attacker to impersonate another distributed engine. Recommendations: For Secre...
Delinea Secret Server 安全漏洞
Delinea Secret Server is a powerful PAM in the cloud or locally from Delinea USA. A security vulnerability exists in Delinea Secret Server version 11.7.49 and earlier, which stems from insufficient validation in the initial authorization event and could lead to distributed engine impersonation...
CVE-2024-25651
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint...
CVE-2024-25653
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...
CVE-2024-25649
In Delinea PAM Secret Server 11.4, it is possible for an attacker with Administrator access to the Secret Server machine to read the following data from a memory dump: the decrypted master key, database credentials when SQL Server Authentication is enabled, the encryption key of RabbitMQ queue...
CVE-2024-12908
Delinea addressed a reported case on Secret Server v11.7.31 protocol handler version 6.0.3.26 where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfull...