30 matches found

CVE
added 2026/04/03 3:28 p.m. · 12 views

CVE-2025-68153

Juju vulnerability CVE-2025-68153 affects Juju versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19. An authenticated user, a machine, or a controller within a Juju controller could modify resources of an application across the entire controller. The issue is mitigated by upgrades to 2.9.56 or ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/04/03 12:0 a.m. · 3 views

Juju Security Vulnerability

Juju is an open-source application orchestration engine from Canonical. Vulnerabilities existed in versions of Juju between 2.9 and 2.9.56, as well as in versions between 3.6 and 3.6.19. These vulnerabilities stemmed from the ability for any authenticated user, machine, or controller to modify the...

CVSS 7.1 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2

RedHat Linux
added 2026/02/26 3:8 p.m. · 2 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection (OADP) is now available. OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

CVSS 8.9 | AI score 6.6 | EPSS 0.00032
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-0522

Malware in sbrugna...

CVSS 5.9 | AI score 6.8 | EPSS 0.0304
Exploits: 0 | References: 72

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-52691

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00009
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/27 12:0 a.m. · 2 views

PT-2025-39700

Name of the Vulnerable Software and Affected Versions: Flag Forge versions 2.0.0 through 2.3.0. Description: The Flag Forge platform contained a security issue where the /api/resources API endpoint permitted POST and DELETE requests without appropriate authentication or authorization. This allowed...

CVSS 8.6 | AI score 6.6 | EPSS 0.00067
Exploits: 0 | References: 10

RedhatCVE
added 2025/03/22 12:13 p.m. · 4 views

CVE-2024-10361

An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary files on the server. Attackers can exploit thi...

CVSS 9.1 | AI score 7.2 | EPSS 0.00072
Exploits: 1 | References: 1

Cvelist
added 2025/03/20 10:9 a.m. · 7 views

CVE-2024-10361 Arbitrary File Deletion via Path Traversal in danny-avila/librechat

An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary files on the server. Attackers can exploit thi...

CVSS 8.1 | EPSS 0.00072
Exploits: 1 | References: 2

NVD
added 2024/08/21 2:15 p.m. · 12 views

CVE-2020-11846

A vulnerability was found in OpenText Privileged Access Manager that issues a token. On successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1...

CVSS 8.7 | EPSS 0.00207
Exploits: 0 | References: 1

CVE
added 2024/08/21 1:37 p.m. · 42 views

CVE-2020-11846

OpenText Privileged Access Manager before 3.7.0.1 is affected by CVE-2020-11846. The issue arises from the Token Handler, where issuing a token also sets a cookie that grants unrestricted access to all application resources. This represents improper privilege management and can enable remote expl...

CVSS 8.7 | AI score 8.6 | EPSS 0.00207
Exploits: 0 | References: 1 | Affected Software: 1

RedHat Linux
added 2024/08/01 7:10 p.m. · 44 views

Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.3 security and bug fix update

OpenShift API for Data Protection (OADP) 1.3.3 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9.8 | AI score 7.1 | EPSS 0.69905
Exploits: 1 | References: 9

Positive Technologies
added 2024/07/12 12:0 a.m. · 3 views

PT-2024-28725 · Unknown · Kubeclarity

Name of the Vulnerable Software and Affected Versions: KubeClarity versions prior to 2.23.1 Description: A time/boolean SQL Injection is present in the /api/applicationResources resource via the packageID parameter. The vulnerability occurs because the fmt.Sprintf function is used to build the SQ...

CVSS 7.1 | AI score 7.8 | EPSS 0.00145
Exploits: 0 | References: 9

CVE
added 2024/05/10 5:16 p.m. · 23 views

CVE-2023-37526

The CVE-2023-37526 entry concerns HCL DRYiCE Lucy (now AEX). A CORS misconfiguration in the mobile app could allow unauthorized access to application resources from any web domain and enable cache poisoning, per sources in NVD/CVE records. The root cause is a CORS misconfiguration in the app, wit...

CVSS 6.5 | AI score 6.7 | EPSS 0.0018
Exploits: 0 | References: 1

NVD
added 2024/03/16 7:15 a.m. · 11 views

CVE-2024-22513

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the foruser method...

CVSS 5.5 | AI score 6 | EPSS 0.00235
Exploits: 3 | References: 1

CNVD
added 2024/02/22 12:0 a.m. · 5 views

IBM PowerSC Forced Browsing Vulnerability

IBM PowerSC is an International Business Machines (IBM) security and compliance solution for IBM Power Systems servers. IBM PowerSC has a forced browsing vulnerability that stems from not properly restricting access to URLs or resources, which can be exploited by an attacker to gain...

CVSS 6.5 | AI score 6.8 | EPSS 0.00043
Exploits: 0 | References: 1

NVD
added 2023/12/12 8:15 a.m. · 9 views

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVSS 8.8 | EPSS 0.00009
Exploits: 0 | References: 1

CNNVD
added 2023/12/12 12:0 a.m. · 1 views

Archer Platform Security Vulnerability

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability in Archer Platform version 6.x prior to 6.14 P1 HF2 6.14.0.1.2 stems from a vulnerability that allows an authenticated attacker to bypass authorization checks by manipulating a user request ...

CVSS 8.8 | AI score 6.8 | EPSS 0.00009
Exploits: 0 | References: 2

Vulnrichment
added 2023/12/12 12:0 a.m. · 10 views

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVSS 7.5 | AI score 7.1 | EPSS 0.00009
Exploits: 0 | References: 1

Cvelist
added 2023/12/12 12:0 a.m. · 12 views

CVE-2023-48641

Archer Platform 6.x before 6.14 P1 HF2 6.14.0.1.2 contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass...

CVSS 7.5 | AI score 9 | EPSS 0.00009
Exploits: 0 | References: 1

Veracode
added 2023/09/01 8:40 a.m. · 26 views

Information Leak

The MongoDB Driver is vulnerable to Information Leak. The vulnerability is due to the MongoDB Drivers erroneously publishing events containing authentication-related data to a command listener configured by an application. An attacker can get hold of this sensitive information when he accesses it...

CVSS 7.5 | AI score 6.6 | EPSS 0.00048
Exploits: 0 | References: 10 | Affected Software: 3