CVE-2026-32140

Dataease (open source data visualization tool) Before version 2.10.20 is vulnerable via the Redshift JDBC driver where the IniFile parameter can be exploited to load an attacker-controlled configuration file. The getJdbcIniFile discovery mechanism can, if not restricted, locate rsjdbc.ini and, in...

EUVD-2024-55005

Malicious code in bioql PyPI...

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

PT-2025-21163 · Netgate · Pfsense Ce

Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE versions prior to 2.8.0 beta release Netgate pfSense CE corresponding Plus builds versions prior to 2.8.0 beta release Description: The issue allows remote attackers to execute arbitrary JavaScript, delete backups, or leak...

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

CVE-2024-57273

CVE-2024-57273 affects Netgate pfSense CE and Plus builds older than pfSense 2.8.0 beta, with a stored/reflected XSS in the Automatic Configuration Backup (ACB) service. The unsanitized Reason field (and a derivable device key from the public SSH key) enables remote attacker JavaScript execution,...

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

Netgate pfSense CE 跨站脚本漏洞

Netgate pfSense CE is a FreeBSD-based open source firewall and routing platform from Netgate that supports enterprise-class network security and network management features. A cross-site scripting vulnerability exists in Netgate pfSense CE versions prior to 2.8.0 beta, which stems from a cross-si...

ROS-20241203-07

Nextcloud mail client vulnerability is related to incorrect automatic configuration. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality Nextcloud mail client vulnerability is related to insufficient access control. Exploitation of the...

SUSE CVE-2022-34472

If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

DEBIAN-CVE-2021-41803

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

UBUNTU-CVE-2021-41803

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

PT-2022-11486 · Hashicorp +3 · Hashicorp Consul +3

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul versions 1.8.1 through 1.11.8 HashiCorp Consul version 1.12.4 HashiCorp Consul version 1.13.1 Description: The issue arises from improper validation of node or segment names prior to their interpolation and usage in JWT claim...

Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface

An advanced, yet simple, tunneling tool that uses a TUN interface. by TNP IT Security Introduction Ligolo-ng is a simple , lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection without the need of SOCKS. Features Tun interface No more SOCKS! Simpl...

Design/Logic Flaw

DISPUTED Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script...

CVE-2019-25031

Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...

CVE-2019-25031

Unbound before 1.9.5 allows configuration injection in createunboundadservers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. createunboundadservers.sh is a contributed script from the...

LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

LFI Suite is a totally automatic tool able to scan and exploit Local File Inclusion vulnerabilities using many different methods of attack, listed in the section Features. Features Works with Windows, Linux and OS X Automatic Configuration Automatic Update Provides 8 different Local File Inclusio...

[SECURITY] Fedora 21 Update: realmd-0.15.2-2.fc21

realmd is a DBus system service which manages discovery and enrollment in r ealms and domains like Active Directory or IPA. The control center uses realmd as the back end to 'join' a domain simply and automatically configure things corre ctly...