CVE-2026-54099

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

CVE-2026-54100 Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

CVE-2026-54100

CVE-2026-54100 affects the Windows Machine Config Operator (WMCO) used with Red Hat OpenShift Container Platform. The flaw is that WMCO establishes SSH connections to Windows worker nodes without verifying the remote host key, enabling an adjacent-network attacker who can intercept or redirect WM...

CVE-2026-54099

The CVE-2026-54099 entry describes a vulnerability in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift. The WICD CSR auto-approver only checks that a CSR’s organization includes system:wicd-nodes and does not reject extra organization values such as system:masters. A compromised W...

CVE-2026-54099 Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

CVE-2026-54099

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

PT-2025-44765

Name of the Vulnerable Software and Affected Versions Raspberry Pi Imager version 1.9.6 Description An issue exists in the OS customization feature of Raspberry Pi Imager. The 'public-key authentication' setting unintentionally re-adds a user's id rsa.pub key from their local Windows machine to t...

EUVD-2024-0079

Malicious code in bioql PyPI...

CVE-2025-38046

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

Rescan of Windows Machine in Protection Group Fails With "The network path was not found."

Article Applicability This article addresses situations in which credential-based authentication is used to add a Windows machine to a Veeam Agent for Microsoft Windows protection group. The troubleshooting steps below address connectivity failures that occur when Veeam Backup & Replication...

Winevt_Logs_Analysis - Searching .Evtx Logs For Remote Connections

Simple script for the purpose of finding remote connections to Windows machine and ideally some public IPs. It checks for some EventIDs regarding remote logins and sessions. You should pip install -r requirements.txt so the script can work and parse some of the .evtx files inside winevt folder. T...

laZzzy - Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques

laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native Nt functions not all functions but most Import Address Table IAT evasion Encrypte...

CVE-2022-4223

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...

CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

"Access is Denied." When Using a Local Account to Add a Windows Machine to Veeam Backup & Replication

Article Applicability This article relates to an error that only occurs when Veeam Backup & Replication is deployed on a Windows machine. With the Veeam Software Appliance, to add a Windows machine using credentials, it requires that both the appliance and the Windows machine are added to the sam...

Brave Software: Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS

Summary: An attacker can use the "Save .torrent file" option in WebTorrent to smuggle malicious files onto the client's machine. Description Brave allows users to download the ".torrent" via WebTorrent. WebTorrent decides whether a file is torrent or not based on the following headers...

CVE-2020-16087

An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file...