
5284 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-52353

Malicious code in bioql PyPI...

9.8 CVSS, 9.2 AI score, 0.08286 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 14 views

EUVD-2021-31003

Malicious code in bioql PyPI...

9 CVSS, 7.2 AI score, 0.0082 EPSS
Exploits: 3, References: 4

Cvelist
added 2025/09/08 9:17 p.m., 7 views

CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

8.6 CVSS, 0.00099 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2025/09/08 9:17 p.m., 3 views

CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

8.6 CVSS, 6.6 AI score, 0.00099 EPSS
Exploits: 0, References: 3

OSV
added 2025/09/08 9:17 p.m., 5 views

CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

8.6 CVSS, 6.8 AI score, 0.00099 EPSS
Exploits: 0, References: 5

Cvelist
added 2025/09/08 9:14 p.m., 7 views

CVE-2025-57816 Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

6.3 CVSS, 0.00042 EPSS
Exploits: 0, References: 3

CVE
added 2025/09/08 9:14 p.m., 17 views

CVE-2025-57816

CVE-2025-57816 concerns the Fides Webserver API rate limiting. The issue arises in deployments that rely on the built‑in IP‑based rate limiter in proxied environments (CDNs, proxies, load balancers): limits are applied to the immediate connection IP rather than the client IP, and counters are sto...

7.5 CVSS, 6.3 AI score, 0.00042 EPSS
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2025/09/08 9:14 p.m., 1 view

CVE-2025-57816 Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

6.3 CVSS, 6.3 AI score, 0.00042 EPSS
Exploits: 0, References: 3

OSV
added 2025/09/08 8:46 p.m., 4 views

GHSA-HJFH-P8F5-24WR Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Summary The OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate their privileges to owner-level. Details When creating or updating OAuth...

8.6 CVSS, 7.1 AI score, 0.00099 EPSS
Exploits: 0, References: 5

GitHub Security Blog
added 2025/09/08 8:45 p.m., 15 views

Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Summary The Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs rather than client IPs, and stores counters in-memory rather than in a...

7.5 CVSS, 7 AI score, 0.00042 EPSS
Exploits: 0, References: 5, Affected Software: 1

Tenable Nessus
added 2025/08/27 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-27920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0. CVE-2022-27920...

6.1 CVSS, 6.4 AI score, 0.0028 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/24 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2014-10073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The createresponse function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the...

7.5 CVSS, 7.3 AI score, 0.00335 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/08/15 1:11 p.m., 3 views

CVE-2025-8907

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather hig...

7.3 CVSS, 7.3 AI score, 0.00069 EPSS
Exploits: 0, References: 1

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-17053 Malicious code in cirrus-webserver (npm)

The package cirrus-webserver was found to contain malicious code...

7.2 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-39046 Malicious code in webserver-internal-v2 (npm)

The package webserver-internal-v2 was found to contain malicious code...

7.2 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in webserver-internal-v2 (npm)

The package webserver-internal-v2 was found to contain malicious code...

7 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in cirrus-webserver (npm)

The package cirrus-webserver was found to contain malicious code...

7 AI score
Exploits: 0

ICS
added 2025/08/14 6:0 a.m., 4 views

Rockwell Automation ArmorBlock 5000 I/O - Webserver

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to predict session numbers or perform privileged actions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

7.2 AI score
Exploits: 0, References: 10

NVD
added 2025/08/13 1:15 p.m., 3 views

CVE-2025-8907

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather hig...

7.3 CVSS, 0.00069 EPSS
Exploits: 0, References: 4

CVE
added 2025/08/13 1:2 p.m., 13 views

CVE-2025-8907

The CVE-2025-8907 entry concerns H3C M2 NAS V100R006, where the Webserver Configuration component is implicated. The vulnerability is described as allowing execution with unnecessary privileges via local manipulation, with attack complexity rated high and requiring local access. Vendor notes indi...

7.3 CVSS, 7.3 AI score, 0.00069 EPSS
Exploits: 0, References: 4