14 matches found
GNCC GP5 安全漏洞
GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from the practice of storing the pre-signed Backblaze B2 upload URL as plain text in the serial console. This could allow physically...
Jupyter多款产品 跨站脚本漏洞
Jupyter Notebook is an open-source web application developed by Project Jupyter, designed for creating and sharing code along with explanatory text documents. JupyterLab is another open-source project developed by JupyterLab, offering an extensible environment for interactive and reproducible...
Directus: Missing Cross-Origin Opener Policy
Summary Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retains the ability to access and manipulate the window object of that page. An attacker can...
HAPI FHIR 安全漏洞
HAPI FHIR is an open-source Java-based HL7 FHIR API developed by HAPI FHIR. Versions of HAPI FHIR prior to 6.9.4 contained security vulnerabilities. These vulnerabilities stemmed from the FHIR Validator HTTP service exposing unauthenticated /loadIG endpoints, and the credential provider had a fla...
PT-2026-29084
Name of the Vulnerable Software and Affected Versions awesome-llm-apps versions prior to commit e46690f99c3f08be80a9877fab52acacf7ab8251 Description A cross-session information disclosure issue exists in the awesome-llm-apps project. The Streamlit-based GitHub MCP Agent stores user-supplied API...
CVE-2026-33720
n8n is an open source workflow automation platform. Prior to version 2.8.0, when the N8NSKIPAUTHONOAUTHCALLBACK environment variable is set to true, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an...
GHSA-8WPV-6X3F-3RM5 Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name
Summary A stored Cross-site Scripting XSS vulnerability was identified in the Identity Name of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of the Web...
PT-2026-6861
Summary Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. Vulnerable Code javascript //...
CVE-2025-62794 GitHub Workflow Updater stored the optional Github token in plaintext
GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" ap...
EUVD-2025-24672
Malicious code in bioql PyPI...
CVE-2025-24973
CVE-2025-24973 (Concorde/Nexkey) affects Concorde versions prior to 12.25Q1.1. The root cause is an improper logout implementation where authentication credentials remain in cookies after logout, potentially allowing an attacker to steal tokens. Impact is severe if a user with admin privileges is...
keycloak: redirect_uri validation bypass
A flaw was found in the redirecturi validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users...
Tenable Network Security Nessus 安全漏洞
Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. A security vulnerability exists in Nessus Agent versions 7.2.0 through 8.2.2, which can be exploited by attackers to obtain a token...
PT-2021-14886 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.5 and later Description: The issue is related to insufficient validation of authentication parameters in GitLab Pages, allowing an attacker to steal a victim's API token if they click on a maliciously crafted link...