17 matches found
GHSA-7P93-6934-F4Q7 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard
Summary: The Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: * on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" POST with Content-Typ...
QNAP Systems QTS and QNAP Systems QuTS hero path traversal vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both software with data storage and management capabilities from QNAP Systems of Taiwan, China. A path traversal vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that originates from path traversal and could result in reading...
EUVD-2021-2910
Malicious code in bioql PyPI...
EUVD-2025-22767
Malicious code in bioql PyPI...
EUVD-2021-2879
Malicious code in bioql PyPI...
The vulnerability of the SD-WAN function in the PAN-OS operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the SD-WAN function in the PAN-OS operating system relates to the exposure of system data to unauthorized individuals. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
Marvell QConvergeConsole path traversal vulnerability (CNVD-2025-20445)
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the getAppFileBytes method. An attacker could exploit the vulnerability to disclose information in the SYSTE...
Marvell QConvergeConsole path traversal vulnerability
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the compressFirmwareDumpFiles method. An attacker could exploit this vulnerability to disclose information i...
The vulnerability of Nokia’s Single Radio Access Network management platform lies in the fact that system data can be disclosed to unauthorized individuals, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of the Nokia Single RAN network management platform lies in the ability to expose system data to unauthorized individuals. Exploiting this vulnerability could allow a hacker to gain unauthorized access to protected information by sending a specially crafted POST request...
The vulnerability of the libsoup library, related to the exposure of system data to unauthorized individuals, allows a violator to disclose protected information.
The vulnerability of the libsoup library relates to the exposure of system data to unauthorized individuals. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the exposure of system data to unauthorized access within the controlled area. This allows attackers to disclose protected information.
The vulnerability of the software used for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP is related to the disclosure of system data that is not protected by permissions within the controlled area. Exploiting this vulnerability can allow a...
PT-2025-1202 · Sap · Sap Gui For Java
Name of the Vulnerable Software and Affected Versions: SAP GUI for Java (affected versions not specified). Description: The issue is related to the disclosure of system data to unauthorized parties within a controlled area. An attacker with administrative privileges or access to the victim's user...
The vulnerability of Ollama’s system for launching and managing large language models, related to the exposure of system data to unauthorized individuals, allows a violator to trigger a service failure.
The vulnerability of Ollama’s system for running and managing large language models is related to the exposure of system data to unauthorized individuals. Exploiting this vulnerability could allow a malicious actor to cause service failures...
WAGO security vulnerability
WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is an electronic system designed for the operation of digital algorithms for applications in industrial environments. A security vulnerability exists in WAGO Unmanaged Switch 852-111/000-001 firmware version 01,...
CVE-2021-0291
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of...
Dell EMC ECS Exposes Resource Vulnerability
Dell EMC Elastic Cloud Storage ECS is a suite of scalable, software-defined object storage solutions from Dell, USA. An exposed resource vulnerability exists in Dell EMC ECS versions prior to 3.5, which arises from improper management of system resources (e.g., memory, disk space, files, etc.) by a...
Vulnerabilities fixed in Nginx
A malicious party could exploit the vulnerability to obtain system data. To exploit the vulnerability, the malicious party must make a specially prepared HTTP request. The developers of Nginx have made updates available to fix the vulnerability. You can download the updates fro...