Lucene search

14 matches found

Cvelist
added yesterday · 20 views

CVE-2026-41859

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

7.8 CVSS · 0.0001 EPSS
Exploits 0 · References 1
SUSE CVE
added 2026/05/27 3:6 a.m. · 6 views

SUSE CVE-2025-22241

File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6 CVSS · 5.8 AI score · 0.00141 EPSS
Exploits 0 · References 23
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2011-1385

Malware in sbrugna...

1.9 CVSS · 6.4 AI score · 0.00051 EPSS
Exploits 0 · References 4
CVE
added 2025/08/07 9:15 p.m. · 17 views

CVE-2025-54787

CVE-2025-54787 affects SuiteCRM 7.14.6. There is a vulnerability that allows unauthenticated downloads of files from the upload directory when the file is named by an ID (e.g., attachments). An unauthenticated attacker could download internal files by discovering a valid file-ID, with IDs often b...

3.7 CVSS · 6.3 AI score · 0.00164 EPSS
Exploits 0 · References 2 · Affected Software 1
Snyk
added 2025/06/13 7:43 a.m. · 1 views

Improper Certificate Validation

Overview: salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more. Affected versions of this package are vulnerable t...

5.6 CVSS · 7.3 AI score · 0.00141 EPSS
Exploits 0 · References 2
AlpineLinux
added 2025/06/13 7:15 a.m. · 10 views

CVE-2025-22241

File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6 CVSS · 7.4 AI score · 0.00141 EPSS
Exploits 0 · References 2
NVD
added 2025/06/13 7:15 a.m. · 9 views

CVE-2025-22241

File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6 CVSS · 0.00141 EPSS
Exploits 0 · References 2
OSV
added 2025/06/13 7:15 a.m. · 0 views

UBUNTU-CVE-2025-22241

File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6 CVSS · 5.8 AI score · 0.00141 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/06/13 12:0 a.m. · 2 views

PT-2025-25396 · Unknown +1 · Salt-Master +1

Name of the Vulnerable Software and Affected Versions: Salt Master (affected versions not specified)
Description: The issue arises when the VirtKey class is called upon requesting "on-demand pillar" data. It utilizes un-validated input to create paths to the "pki directory". This functionality is...

9.6 CVSS · 6 AI score · 0.00378 EPSS
Exploits 0 · References 25
RedhatCVE
added 2025/05/22 8:9 p.m. · 3 views

CVE-2021-38388

Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project...

8.8 CVSS · 7.2 AI score · 0.00299 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/04/21 12:0 a.m. · 2 views

PT-2025-17445 · Dremio · Dremio

Name of the Vulnerable Software and Affected Versions: Dremio versions prior to 24.0.0; Dremio versions 24.3.0 through 24.3.16; Dremio versions 25.0.0 through 25.0.14; Dremio versions 25.1.0 through 25.1.7; Dremio versions 25.2.0 through 25.2.4
Description: An improper authorization issue in Dremio...

8.4 CVSS · 6.5 AI score · 0.00175 EPSS
Exploits 0 · References 6
NVD
added 2021/09/08 6:15 p.m. · 10 views

CVE-2021-38388

Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project...

8.8 CVSS · 0.00299 EPSS
Exploits 0 · References 1
Cvelist
added 2021/09/08 5:50 p.m. · 10 views

CVE-2021-38388

Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project...

8.8 CVSS · 9.1 AI score · 0.00299 EPSS
Exploits 0 · References 1
Cvelist
added 2011/11/26 2:0 a.m. · 18 views

CVE-2011-1378

IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command...

6.2 AI score · 0.00051 EPSS
Exploits 0 · References 3