CVE-2026-20042

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...

EUVD-2026-17935

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...

CVE-2026-20042

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...

CVE-2026-20042

The CVE-2026-20042 issue affects Cisco Nexus Dashboard’s configuration backup feature. The root cause is that authentication details are stored in encrypted backup files, and an attacker with a valid backup file and the encryption password can decrypt the backup to retrieve sensitive information....

EUVD-2020-3902

Malware in sbrugna...

EUVD-2025-31141

Malicious code in bioql PyPI...

CVE-2025-54419

A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details with...

CVE-2025-54419 Node-SAML Contains SAML Signature Verification Vulnerability

A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details with...

CVE-2025-54419

CVE-2025-54419 – Node-SAML (Node.js) : Affected component is the node-saml library. In v5.0.1, it loads the SAML assertion from the unsigned original response document, separate from the parts that are verified for signature. This mismatch allows an attacker who has a validly signed IdP document ...

CVE-2025-54369

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify...

PT-2025-30730

Name of the Vulnerable Software and Affected Versions Node-SAML affected versions not specified Description Node-SAML is susceptible to a flaw where it loads the assertion from the unsigned original response document, differing from the signature verification process. This allows modification of...

Information Disclosure

org.elasticsearch.client, elasticsearch-rest-client is vulnerable to memory disclosure. The vulnerability is due to error messages leaking uninitialized buffer data when handling malformed queries, which allows an attacker to access sensitive information such as documents or authentication detail...

CVE-2023-48303

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage...

CVE-2020-11551

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi...

U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday issued an emergency directive ED 24-02 urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email...

GHSA-Q394-H7F5-7F44 Generation of Error Message Containing Sensitive Information in Elasticsearch

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data...

Generation of Error Message Containing Sensitive Information in Elasticsearch

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data...

Design/Logic Flaw

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data...

CVE-2021-22145

CVE-2021-22145 affects Elasticsearch 7.10.0–7.13.3 in its error reporting, allowing memory disclosure where an attacker submitting malformed queries could cause error messages to include previously used data buffer contents (e.g., documents or authentication details). The issue is documented acro...

CVE-2021-22145

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data...