Keycloak Security Vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from an access control flaw in the Account Resources user lookup endpoint. It allows remote authenticated users who have at least one...
CVE-2026-3432 Sim Studio AI - Unauthenticated OAuth Token Theft
On SimStudio versions below 0.5.74, the /api/auth/oauth/token endpoint contains a code path that bypasses all authorization checks when provided with credentialAccountUserId and providerId parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their...
CVE-2025-52870
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...
EUVD-2025-32343
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 2025/07/31...
CVE-2025-48880
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, when an administrative account is deleting a user, there is the possibility of a race condition occurring. This issue has been patched in version 1.8.181...
CVE-2024-42062
CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that...
PT-2024-29718 · Apache · Apache Cloudstack
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.10.0 through 4.19.1.0 Description: The issue is caused by an access permission validation problem that allows domain admin accounts to query all registered account-users API and secret keys, including those of the...
Information Disclosure Vulnerability in Multiple Cisco Products (CNVD-2019-44128)
Cisco Webex Meeting Center is an online collaborative videoconferencing solution from Cisco. Cisco Webex Event Center is a webinar and online event management platform. Cisco Webex Support Center is a videoconferencing solution for service support teams...
Revive Adserver Cross-Site Request Forgery Vulnerability
Revive Adserver is an open source ad management system from the Revive Adserver team. A cross-site request forgery vulnerability exists in Revive Adserver versions prior to 3.2.2, which can be exploited by a remote attacker to perform specific plugin operations or cause a denial of service...
CVE-2015-7366
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the...
Default password 'debug' for account 'user' (SSH/Telnet)
The account ... SPDX-FileCopyrightText: 2005 Michel Arboi. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.17293"); ...