10 matches found
CVE-2026-56270
Flowise (FlowiseAI) before 3.1.0, including 3.0.13 and earlier, exposes a missing authentication vulnerability at /api/v1/loginmethod that allows unauthenticated retrieval of an organization’s complete SSO configuration, including OAuth client secrets in cleartext, by passing an organizationId. T...
CVE-2026-3527
Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0...
CVE-2026-3527
CVE-2026-3527 affects Drupal AJAX Dashboard prior to 3.1.0. The Red Hat and EU/ENISA reports corroborate a missing authentication for a critical function in the AJAX Dashboard module, enabling exploitation due to incorrectly configured access control. The vulnerability stems from inadequate acces...
CVE-2026-31979
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
WordPress plugin Education WordPress Theme | HiStudy SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Educati...
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI CCM versions prior to 3.1.0 and Nagios XI version 5.8.0, which...
Cisco Cyber Vision Center Software Access Control Error Vulnerability
Cisco Cyber Vision Center Software is a set of industrial control system ICS monitoring solution from the U.S. company Cisco Cisco. The product supports dynamic asset inventory, real-time network monitoring and other functions. An access control error vulnerability exists in the access control...
Mattermost Server Cross-Site Scripting Vulnerability (CNVD-2020-35461)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A cross-site scripting vulnerability exists in Mattermost Server versions prior to 3.1.0. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An...
Gemalto Ezio Server Access Control Error Vulnerability
Gemalto Ezio Server is an authentication server from Gemalto USA. An access control error vulnerability exists in Gemalto Ezio Server versions prior to 3.1.0, which can be exploited by an attacker to access unauthorized resources...
CloudBees Jenkins Black Duck Hub Plugin Denial of Service Vulnerability
CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Black Duck Hub Plugin is used in one...