122 matches found
CVE-2026-49189 Broadcast Receiver Privilege Escalation
Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...
EUVD-2026-34208
Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the nnef-oam route group due to missing inbound authentication and authorization checks. An attacker can gain unauthorized access to administrative operations by sending unauthenticated requests to the exposed...
Authentication Bypass
Keylime is vulnerable to an Authentication Bypass. The vulnerability is due to missing enforcement of client-side TLS authentication in the Keylime registrar, allowing unauthenticated clients with network access to perform administrative operations such as listing agents, retrieving public TPM...
keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...
JetBrains Hub 访问控制错误漏洞
JetBrains Hub is a web-based application developed by Czech company JetBrains. This program allows for the integration of various JetBrains tools. Versions of JetBrains Hub prior to 2025.3.119807 contained a access control vulnerability caused by an authentication bypass, which could lead to the...
Duplicate Advisory: Keylime Missing Authentication for Critical Function and Improper Authentication
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jqp-9qjv-57m2. This link is maintained to preserve external references. Original Description A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Laye...
CVE-2026-1709
A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...
CVE-2025-14525
A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...
CVE-2025-14525
A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...
PT-2026-4806
Name of the Vulnerable Software and Affected Versions kubevirt affected versions not specified Description A flaw exists in kubevirt where a user inside a virtual machine VM, with an active guest agent, can trigger a denial of service. By reporting an excessive number of network interfaces, the...
EUVD-2018-16627
Malware in sbrugna...
EUVD-2018-16622
Malware in sbrugna...
EUVD-2009-4370
Malware in sbrugna...
EUVD-2014-5218
Malware in sbrugna...
EUVD-2015-7691
Malware in sbrugna...
EUVD-2017-11825
Malware in sbrugna...
EUVD-2022-34480
Malicious code in bioql PyPI...
EUVD-2022-40961
Malicious code in bioql PyPI...
CVE-2025-10094
CVE-2025-10094 affects GitLab CE/EE, impacting all versions from 10.7 before 18.1.6; 18.2 before 18.2.6; and 18.3 before 18.3.2. The issue allows authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names, a root c...