11 matches found
CVE-2026-5380
An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...
PT-2026-30875
An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...
PT-2026-5605
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1090.1 Description: A flaw exists in MagicINFO 9 Server that permits authorized users to upload HTML files without requiring authentication. This can lead to Stored Cross-Site Scripting (XSS), potentially...
EUVD-2017-10187
Malware in sbrugna...
EUVD-2023-51897
Malicious code in bioql PyPI...
CVE-2023-51699
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8...
CVE-2023-42781
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are...
Aruba AirWave Management Platform Cross-Site Request Forgery Vulnerability
Aruba Networks AirWave Management Platform is a suite of network management software for multi-vendor management from Aruba Networks. The software provides real-time monitoring, proactive alerting and historical data reporting. A cross-site request forgery vulnerability exists in the web manageme...
CVE-2020-7545
A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user accesses an affected webpage...
PT-2019-16570 · Zte · Zxhn F670
Name of the Vulnerable Software and Affected Versions: ZTE ZXHN F670 product versions up to V1.1.10P3T18 Description: The issue is related to a cross-site scripting (XSS) vulnerability due to incomplete input validation. An authorized user can exploit this to execute malicious scripts...
CVE-2017-3183
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determine...