CVE-2026-0261
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...
Harbor Security Vulnerability
Harbor is an open-source registry developed by Harbor Open Source. It protects artifacts through policy-based and role-based access control, ensures that images are scanned for vulnerabilities, and signs images as trustworthy. Versions of Harbor prior to 2.15.0 have security vulnerabilities; thes...
Information Exposure
Overview: apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Information Exposure in the error messages in the UI when a DAG fails during parsing. A user can obtain sensitive information from kwargs passed t...
CVE-2026-26049
The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form...
"iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization
Overview: Remote Management Controller "iRMC S5/S6" implemented in PRIMERGY provided by Fsas Technologies Inc. contains the following vulnerability: Incorrect authorization (CWE-863) - CVE-2025-65002. Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution...
CVE-2025-13175
Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector. This issue affects Y Soft SafeQ ...
EUVD-2018-11258
Malware in sbrugna...
EUVD-2022-36796
Malicious code in bioql PyPI...
EUVD-2022-47728
Malicious code in bioql PyPI...
EUVD-2023-0019
Malicious code in bioql PyPI...
EUVD-2024-38951
Malicious code in bioql PyPI...
PT-2025-27494 · IBM · IBM System Storage Virtualization Engine TS7700
Name of the Vulnerable Software and Affected Versions: IBM System Storage Virtualization Engine TS7700 versions 3957 VED R5.4 8.54.2.17 through R6.0 8.60.0.115; IBM System Storage Virtualization Engine TS7700 versions 3948 VED R5.4 8.54.2.17 through R6.0 8.60.0.115; IBM System Storage Virtualizatio...
PT-2025-23423 · IBM · IBM Planning Analytics Local
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.0 through 2.1. Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...
CVE-2022-30272
The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...
CVE-2020-3956
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to...
CVE-2025-47419 Non-Secure Access
Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from...
PT-2025-19990 · Crestron · Crestron Automate VX
Name of the Vulnerable Software and Affected Versions: Crestron Automate VX versions 5.6.8161.21536 through 6.4.0.49. Description: The issue allows for the cleartext transmission of sensitive information, such as user passwords, due to the device allowing Web UI and API access over non-secure...
PT-2025-16267 · IBM · IBM Aspera Console
Name of the Vulnerable Software and Affected Versions: IBM Aspera Console versions 3.4.0 through 3.4.4. Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
PT-2025-16183 · IBM · IBM Aspera Faspex
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.11. Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within...