70 matches found
FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass
Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when secureEnabled is set to true. The POST /api/runscript endpoint checks authorization against the stored script's permission by ID, but when test: true is set in the request, it compiles and executes attacker-supplie...
GHSA-RG3M-CFQ7-G6H6 FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass
Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when secureEnabled is set to true. The POST /api/runscript endpoint checks authorization against the stored script's permission by ID, but when test: true is set in the request, it compiles and executes attacker-supplie...
PT-2026-43447
Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when secureEnabled is set to true. The POST /api/runscript endpoint checks authorization against the stored script's permission by ID, but when test: true is set in the request, it compiles and executes attacker-supplie...
EUVD-2023-44280
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...
CVE-2023-3634
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...
CVE-2023-3634 Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...
CVE-2023-3634
The CVE-2023-3634 issue affects Festo MSE6-C2M/D2M/E2M in the MSE6 product-family. A remote authenticated, low-privileged attacker could use functions in an undocumented test mode, potentially causing a complete loss of confidentiality, integrity and availability. Affected components: MSE6-C2M, M...
CVE-2023-3634 Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...
CVE-2023-3634
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...
CVE-2026-33456
Livestatus injection in the notification test mode in Checkmk 2.5.0b4 and 2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description...
CVE-2026-33456 Potential livestatus injection in notification test
Livestatus injection in the notification test mode in Checkmk 2.5.0b4 and 2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description...
CVE-2026-33456
Summary of CVE-2026-33456 : A Livestatus injection vulnerability exists in Checkmkās notification test mode for versions before 2.5.0b4 and before 2.4.0p26. An authenticated user who can access the notification test page can inject arbitrary Livestatus commands via a crafted service description. ...
PT-2026-31899
Name of the Vulnerable Software and Affected Versions Checkmk versions prior to 2.5.0b4 and prior to 2.4.0p26 Description A flaw exists in Checkmk that allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands through a crafted service...
CVE-2026-33456
Livestatus injection in the notification test mode in Checkmk 2.5.0b4 and 2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description...
EUVD-2025-208132
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...
CVE-2025-9907
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...
CVE-2025-9907 Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...
CVE-2025-9907 Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...
CVE-2025-9907
CVE-2025-9907 affects Red Hat Ansible Automation Platform (Event-Driven Ansible, EDA) Event Stream API. In test mode, the test_headers exposure allows leakage of internal headers and sensitive client credentials, with potential impact including credential exposure, internal infrastructure detail ...
event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...