27 matches found
CVE-2026-45715 Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration packages/server/src/integrations/rest.ts follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services (cloud metadata, databases) by redirecti...
PT-2026-30612
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification and access the application's resources...
CVAT.ai CVAT security vulnerability
CVAT.ai CVAT is an open-source data processing tool developed by CVAT.ai. Versions 2.2.0 to 2.54.0 of CVAT.ai contain security vulnerabilities. These vulnerabilities allow attackers to execute arbitrary JavaScript in the CVAT UI sessions of victim users, potentially enabling them to access all CV...
CVE-2025-59385 QTS, QuTS hero
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. Remote attackers can exploit the vulnerability to access resources that are not otherwise accessible without proper authentication. We have already fixed the...
CVE-2025-64180
Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use (TOCTOU)...
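The two entries above (the Budibase redirect bypass and the Manager DNS TOCTOU) are the same class of SSRF-filter defeat: the target is validated once, and then either a redirect hop or a second DNS lookup moves the actual connection somewhere the check never saw. The guard below is an added illustration, not code from either project. It resolves each hostname exactly once, rejects the hop if any answer is non-public, pins the connection to that vetted IP (the hostname is used only for the Host header and SNI), and follows redirects by hand so every hop goes back through the same check. The function names, the hostnames and the DNS answers in the demo are constructed for the example.

```python
"""Redirect-aware, resolve-once SSRF guard (added illustration, stdlib only)."""
import http.client
import ipaddress
import socket
import ssl
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlparse

Resolver = Callable[[str], List[str]]                        # hostname -> IP strings
Fetcher = Callable[[str, str], Tuple[int, Dict[str, str]]]   # (url, pinned_ip) -> (status, headers)
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


class SSRFBlocked(Exception):
    """Raised when a hop would reach a non-public address or the policy is violated."""


def is_forbidden_ip(ip_str: str) -> bool:
    """True for loopback, RFC1918, link-local (169.254.169.254), multicast, reserved, unspecified."""
    ip = ipaddress.ip_address(ip_str)
    if ip.version == 6 and ip.ipv4_mapped is not None:     # ::ffff:10.0.0.1 style dodge
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified or not ip.is_global)


def default_resolver(hostname: str) -> List[str]:
    """System DNS; returns every A/AAAA answer so a mixed public+private response is rejected."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def resolve_and_pin(hostname: str, resolver: Resolver) -> str:
    """Resolve exactly once, reject if ANY answer is forbidden, return the one IP to connect to.
    Connecting to this IP (rather than letting the HTTP client re-resolve) closes the TOCTOU window."""
    try:
        ips = [str(ipaddress.ip_address(hostname))]        # literal such as http://[::1]/
    except ValueError:
        ips = resolver(hostname)
    if not ips:
        raise SSRFBlocked(f"{hostname}: no addresses")
    for ip in ips:
        if is_forbidden_ip(ip):
            raise SSRFBlocked(f"{hostname} -> {ip} is not a public address")
    return ips[0]


def guarded_get(url: str, fetcher: Fetcher, resolver: Resolver = default_resolver,
                max_redirects: int = 5) -> Tuple[int, Dict[str, str], str]:
    """Follow redirects manually so EVERY hop is re-resolved and re-checked."""
    for _ in range(max_redirects + 1):
        parts = urlparse(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise SSRFBlocked(f"unsupported or hostless URL: {url}")
        pinned_ip = resolve_and_pin(parts.hostname, resolver)
        status, headers = fetcher(url, pinned_ip)
        location = {k.lower(): v for k, v in headers.items()}.get("location")
        if status in REDIRECT_STATUSES and location:
            url = urljoin(url, location)    # relative Location resolves against the current hop
            continue
        return status, headers, url
    raise SSRFBlocked("too many redirects")


def http_fetch_pinned(url: str, pinned_ip: str, timeout: float = 5.0) -> Tuple[int, Dict[str, str]]:
    """Real fetcher: connect to the already-vetted IP; hostname is used only for Host and SNI."""
    parts = urlparse(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    sock = socket.create_connection((pinned_ip, port), timeout=timeout)
    if parts.scheme == "https":
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=parts.hostname)
    conn = http.client.HTTPConnection(parts.hostname, port, timeout=timeout)
    conn.sock = sock                        # skip http.client's own connect() and its re-resolve
    path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    conn.request("GET", path, headers={"Connection": "close"})
    resp = conn.getresponse()
    resp.read(1 << 20)                      # bounded read; this example only needs status/headers
    conn.close()
    return resp.status, {k.lower(): v for k, v in resp.getheaders()}


def demo() -> Dict[str, object]:
    """Constructed, offline: a redirect into the metadata service and a DNS-rebinding host."""
    rebind_answers = [["8.8.8.8"], ["10.0.0.5"]]       # second lookup would flip to internal
    static = {"www.example.com": ["93.184.216.34"], "evil.example": ["8.8.8.8"]}

    def resolver(host: str) -> List[str]:
        return rebind_answers.pop(0) if host == "rebind.example" else static[host]

    pinned_seen: List[str] = []

    def fetcher(url: str, pinned_ip: str) -> Tuple[int, Dict[str, str]]:
        pinned_seen.append(pinned_ip)
        if url.startswith("http://evil.example/"):      # public host that bounces inward
            return 302, {"Location": "http://169.254.169.254/latest/meta-data/"}
        return 200, {"Content-Type": "text/plain"}

    out: Dict[str, object] = {"plain": guarded_get("http://www.example.com/", fetcher, resolver)[0]}
    try:
        guarded_get("http://evil.example/start", fetcher, resolver)
        out["redirect"] = "allowed"
    except SSRFBlocked as exc:
        out["redirect"] = f"blocked: {exc}"
    guarded_get("http://rebind.example/", fetcher, resolver)
    out["rebind_pinned"] = pinned_seen[-1]              # the IP actually connected to: the vetted one
    return out


if __name__ == "__main__":
    print(demo())
```

Swap `fetcher` for `http_fetch_pinned` to run it against real hosts. Two caveats a reviewer would raise: the fetcher must not follow redirects on its own (the manual loop is the whole point), and the allow/deny decision has to be taken on the exact address handed to `connect()`, not on a hostname re-resolved by the HTTP library a moment later.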
EUVD-2021-27227
Malware in sbrugna...
CVE-2019-12880
BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by an overly permissive web_accessible_resources declaration. An attacker can take advantage of this vulnerability and cause significant harm...
JetBrains TeamCity security vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An information disclosure vulnerability exists in...
CVE-2024-6426 Information exposure vulnerability in MESbook
Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which could allow a local attacker, with user privileges, to access different resources by changing the API value of the application...
Discourse security vulnerability
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse prior to version 3.1.3, which stems from a special case that prevents users from accessing the underlying resources...
Privilege Escalation
github.com/stolostron/governance-policy-propagator is vulnerable to Privilege Escalation. In a formed policy, the library makes it possible for dynamically acquired policies to leverage cluster-scoped access, enabling a local attacker to access resources from the namespace where the policy was...
SUSE CVE-2014-0107
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1)...
PT-2022-26137 · Opensearch · Opensearch Notifications Plugin
Name of the Vulnerable Software and Affected Versions: OpenSearch Notifications Plugin versions 2.0.0 through 2.2.0 Description: A potential Server-Side Request Forgery (SSRF) issue in the OpenSearch Notifications Plugin could allow an existing privileged user to enumerate listening services or...
Microsoft Endpoint Configuration Manager security vulnerability
Microsoft Endpoint Configuration Manager is an on-premises management solution from Microsoft. It is used to manage networked or Internet-based desktops, servers, and laptops. A security vulnerability exists in Microsoft Endpoint Configuration Manager, which can be exploited by an attacker to gain acces...
ProjectSend information disclosure vulnerability
ProjectSend, formerly known as cFTP, is a suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in ProjectSend version r754, stemming from direct object access in the application, which allows an attacker to bypass authorization and...
Broadcom Brocade SANnav security vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from the US company Broadcom. A security vulnerability exists in Broadcom Brocade SANnav versions prior to 2.2.0, which stems from a lack of server-side restrictions. A remote attacker could exploit the vulnerability to access resources they...
Improper Authorization
Overview smart_proxy_salt is a SaltStack plug-in for Foreman's Smart Proxy. Affected versions of this package are vulnerable to Improper Authorization by allowing Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to...
OpenSC security vulnerability
OpenSC is an open source smart card tool and middleware. A security vulnerability exists in OpenSC that allows an authenticated, local attacker to access and delete limited resources...
squid: Improper input validation issues in HTTP Request processing
A flaw was found in Squid. Due to incorrect input validation, Squid can interpret crafted HTTP requests in unexpected ways and access server resources prohibited by earlier security filters...
Palo Alto Networks PAN-OS Authorization Issue Vulnerability (CNVD-2020-32234)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. An authorization issue vulnerability exists in Palo Alto Networks PAN-OS, which can be exploited by an attacker with a specially crafted request to bypass authentication and gain access t...