49 matches found
Important: Red Hat Security Advisory: Self-service automation portal 2.1 security update
Updated images are now available for Self-service automation portal 2.1, which include new features, bug fixes, and enhancements for Red Hat Ansible Automation Platform integration with Red Hat Developer Hub. Self-service automation portal 2.1 delivers an Ansible-first Red Hat Developer Hub user...
CVE-2023-49706
Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with...
Malicious Package
Overview self-service-portal-prod is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in self-service-portal-prod (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e4de1ac227f5bbfb5b8aead3c1eeccbaeaa77d15ff7575b83b4d7899c380eda The package self-service-portal-prod was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-201110
Malicious code in self-service-portal-prod npm...
MAL-2025-192288 Malicious code in self-service-portal-prod (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e4de1ac227f5bbfb5b8aead3c1eeccbaeaa77d15ff7575b83b4d7899c380eda The package self-service-portal-prod was found to contain malicious code. Source: ghsa-malware...
EUVD-2016-0926
Malware in sbrugna...
EUVD-2018-5355
Malware in sbrugna...
CVE-2025-20258
A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting...
CVE-2025-20258
A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting...
RHEL 6 : python-django-horizon and python-django-openstack-auth update (Moderate) (RHSA-2015:0845)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0845 advisory. OpenStack Dashboard horizon provides administrators and users a graphical interface to access, provision and automate cloud-based resources. The...
MTN Group: FULL ACCOUNT TAKEOVER
The selfservice portal at https://mymtn.com.ng/ allowed an attacker to take over any Nigerian MTN phone number. The attacker was able to access the account holder's personal information, such as date of birth and full name. The attacker also had the ability to use any available airtime on the...
CVE-2023-45552
In VeridiumID before 3.5.0, a stored cross-site scripting XSS vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal...
VeridiumID 安全漏洞
VeridiumID is an integrated passwordless platform from VeridiumID. A security vulnerability exists in VeridiumID versions prior to 3.5.0. An attacker exploited the vulnerability to take over all accounts by sending malicious input through the self-service portal...
CVE-2023-45552
In VeridiumID before 3.5.0, a stored cross-site scripting XSS vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal...
CVE-2023-45552
VeridiumID prior to 3.5.0 contains a stored XSS vulnerability in the admin portal that allows an authenticated attacker to take over all accounts by injecting malicious input through the self-service portal. Affected component: VeridiumID admin portal; vulnerability type: stored XSS; impact: acco...
CVE-2023-45552
In VeridiumID before 3.5.0, a stored cross-site scripting XSS vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal...
PT-2024-13251 · Veridium · Veridiumid
Name of the Vulnerable Software and Affected Versions: VeridiumID versions prior to 3.5.0 Description: A stored cross-site scripting issue has been found in the admin portal of the affected software. This allows an authenticated attacker to potentially take over all accounts by sending malicious...
CVE-2023-40236
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass...
CVE-2023-40236
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass...