30 matches found
Nginx UI code injection vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.8 had a code injection vulnerability. This vulnerability stemmed from the backup restoration endpoint POST /api/restore, which operates without authentication within the first 10 minutes after the process...
CVE-2025-60949
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...
CVE-2025-60949 Census CSWeb leaked configuration files
Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...
CVE-2021-47903
LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...
CVE-2021-47903
LiteSpeed Web Server Enterprise version 5.4.11 has an authenticated command injection vulnerability in the external app configuration interface. A user with administrative privileges can inject shell commands via the Command parameter, enabling remote code execution through path traversal and bas...
PT-2026-4516
Name of the Vulnerable Software and Affected Versions: LiteSpeed Web Server Enterprise version 5.4.11 Description: LiteSpeed Web Server Enterprise version 5.4.11 has an issue where a user with administrative privileges can inject commands into the system. This occurs through the 'Command' parameter...
CVE-2023-29502
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path...
EUVD-2023-33069
Malicious code in bioql PyPI...
GACS - App Configuration settings not being applied to HTML5 Client
App Configuration service GACS settings to disable options in the Toolbar for HTML5 client are not applied...
PT-2024-5729 · Citrix · Citrix Workspace App For Html5
Name of the Vulnerable Software and Affected Versions: Citrix Workspace app for HTML5 affected versions not specified Description: The issue is related to a bypass of GACS Policy Configuration settings in the Citrix Workspace app for HTML5. This is due to incorrect default permissions. Exploitati...
Failed to access "app configuration" in webstudio
Cannot configure "App Configuration" in Citrix DaaS. When click on this feature, it redirects to the main page...
CVE-2023-29502 PTC Vuforia Studio Path Traversal
Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path...
Spring Cloud Azure 5.0 is now Generally Available
We're very pleased to announce that Spring Cloud Azure 5.0 is now generally available. This major release includes the following features, improvements, and documentation updates: Compatible with Spring Boot 3 and Spring Cloud 2022.0.0 Supports Passwordless Connections Updated Azure for Spring...
Spring Cloud Azure 5.0 is now Generally Available
We're very pleased to announce that Spring Cloud Azure 5.0 is now generally available. This major release includes the following features, improvements, and documentation updates: Compatible with Spring Boot 3 and Spring Cloud 2022.0.0 Supports Passwordless Connections Updated Azure for Spring...
Malicious code in perf-app-configuration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cc995c3afac1423ae79036d01a28d9363866a6de0ed7b1b62d5f0d887c8c416 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5277 Malicious code in perf-app-configuration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cc995c3afac1423ae79036d01a28d9363866a6de0ed7b1b62d5f0d887c8c416 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1235 Malicious code in azure-app-configuration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bac8e55fb37ec14c6908f9cf768d5c7d1d36a7e31211ae8bd33e94944a14cad6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in azure-app-configuration (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bac8e55fb37ec14c6908f9cf768d5c7d1d36a7e31211ae8bd33e94944a14cad6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1236 Malicious code in azure-app-configuration-samples-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f3caa24729c2ac0af1146bf2bbbcca02d1e2f1e764a559e6fca42216afcb620 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...