CVE-2026-4217

A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...

XREAL Nebula App 安全漏洞

The XREAL Nebula App is an application designed for XREAL’s augmented reality devices. Versions of the XREAL Nebula App 3.2.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper handling of parameters such as accessKey, secretAccessKey, and securityToken in...

CVE-2026-20142 Sensitive Information Disclosure in "_internal" index in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC deployment who holds a role with access to the Splunk internal index could view the RSA accessKey value from the Authentication.conf file, in plain text...

PT-2026-20472

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.0 Splunk Enterprise versions prior to 10.0.2 Splunk Enterprise versions prior to 9.4.7 Splunk Enterprise versions prior to 9.3.9 Splunk Enterprise versions prior to 9.2.11 Description A user with access...

EUVD-2018-15660

Malware in sbrugna...

EUVD-2025-22817

Malicious code in bioql PyPI...

EUVD-2021-27880

Malicious code in bioql PyPI...

EUVD-2023-31331

Malicious code in bioql PyPI...

CVE-2025-8226

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The...

CVE-2023-27589

Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created successfully, the root...

Insufficient Randomness

github.com/cubefs/cubefs is vulnerable to use of insufficient random strings. The vulnerability due to creation of the accessKey which is insufficiently random. This allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges...

CVE-2023-46740 Insecure random string generator used for sensitive data

CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string...

CVE-2023-46740 Insecure random string generator used for sensitive data

CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string...

CVE-2023-46740 Insecure random string generator used for sensitive data

CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string...

CVE-2023-43784

CVE-2023-43784 affects Plesk Onyx 17.8.11 where accessKeyId and secretAccessKey fields are tied to an Amazon AWS Firehose component. Red Hat and other sources confirm the issue; the vendor's position is that there is no security threat. Exploitation information is not provided in the connected do...

Privilege Escalation

github.com/minio/minio is vulnerable to Privilege Escalation. The vulnerability exists in the AddUser and ImportIAM functions of admin-handlers-users.go because a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created...

Design/Logic Flaw

Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created successfully, the root...

CVE-2023-27589 Minio vulnerable to denial of access by an admin privileged user for root credential

Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE.2020-12-23T02-24-12Z and prior to RELEASE.2023-03-13T19-46-17Z, a user with consoleAdmin permissions can potentially create a user that matches the root credential accessKey. Once this user is created successfully, the root...

CVE-2021-40714

Adobe Experience Manager version 6.5.9.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the...

CVE-2021-40714

Adobe Experience Manager version 6.5.9.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the...