17 matches found
CVE-2026-38743 Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities
The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskInstance details for DA...
WordPress plugin WP Bannerize Pro security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-24529 WordPress Quick Restaurant Reservations plugin <= 1.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7...
EUVD-2007-0415
Malware in sbrugna...
EUVD-2010-5256
Malware in sbrugna...
EUVD-2023-2018
Malicious code in bioql PyPI...
CVE-2025-8660
Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed...
CVE-2025-20285
A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address. This vulnerability is due to improper enforcement of access controls...
WebWasher Classic Server Mode Arbitrary Proxy CONNECT Request
There is a flaw in the remote WebWasher Proxy. The Proxy, when issued a CONNECT command for 127.0.0.1 or localhost/loopback, will comply with the request and initiate a connection to the local machine. This bypasses any sort of firewalling as well as gives access to local applications which are...
smallftpd Multiple Vulnerabilities (Traversal, DoS)
The remote FTP server is vulnerable to a flaw that allows users to access files that are outside the FTP server root. An attacker may break out of his FTP jail by issuing the command : CWD .... In addition, it has been reported that a user can crash the service by supplying malformed input to the...
WebLogic Servlets Multiple Vulnerabilities
The remote web server is WebLogic. An internal management servlet that does not properly check user credentials can be accessed from outside, allowing an attacker to change user passwords, and even upload or download any file on the remote server. In addition to this, there is a flaw in WebLogic...
NFS Predictable Filehandles Filesystem Access
The remote NFS server might allow an attacker to guess the NFS filehandles, and therefore allow them to mount the remote filesystems without the proper authorizations. (C) Tenable Network Security, Inc. This is a very old flaw...
PHP-Nuke Network Tools Add-On Arbitrary Command Execution
It is possible to make the remote host execute arbitrary commands through the use of the PHPNuke addon called 'Network Tools'. An attacker may use this flaw to gain a shell on this system. (C) Tenable Network Security, Inc. ...
Cisco PIX Firewall Mailguard Feature SMTP Content Filter Bypass
The remote SMTP server seems to be protected by a content filtering firewall (probably Cisco's PIX). However, an attacker may bypass this content filtering by issuing a DATA command before a MAIL command, which allows him to directly communicate with the real SMTP daemon. (C) Tenable Network Security,...
MySQL Short Check String Authentication Bypass
The remote version of MySQL is older than or as old as version 3.22.30 or 3.23.10. Thus, it may allow an attacker who knows a valid username to access database tables without a valid password. (C) Tenable Network Security, Inc. ...
Multiple MTA HELO Command Remote Overflow
The remote SMTP server seems to allow remote users to send mail anonymously by providing arguments that are too long to the HELO command (more than 1024 chars). This problem may allow malicious users to send unsolicited mail (i.e., SPAM) or threatening mail using the server, and keep their anonymity....
WinGate Passwordless Default Installation
Wingate is a program that allows a Windows98 computer to act as a proxy. Unfortunately, the default configuration is too permissive and allows anyone to use this computer to connect anywhere, thus hiding the real IP address. This WinGate server does not ask for any passwords, and thus can be used...