644 matches found
CVE-2025-31997
CVE-2025-31997 affects HCL Unica Centralized Offer Management. The vulnerability is an Insecure Direct Object Reference (IDOR) that could allow an unauthenticated or authorized user to bypass access controls and directly access resources (e.g., database records or files). Root cause is insecure o...
CVE-2025-31993 HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF)
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server...
CVE-2025-31993
CVE-2025-31993: HCL Unica Centralized Offer Management is vulnerable to a Server-Side Request Forgery (SSRF) due to improper input validation. An attacker can submit malicious input to a server-hosted application to trigger SSRF. The NVD entry assigns CVSSv3.1 base metrics of AV:N/AC:L/PR:N/UI:N...
PT-2025-41702
Name of the Vulnerable Software and Affected Versions: HCL Unica Centralized Offer Management (affected versions not specified). Description: The software is susceptible to a Server-Side Request Forgery (SSRF) issue. This occurs due to improper input validation, allowing an attacker to submit malicious...
HCL Unica Centralized Offer Management security vulnerability
HCL Unica Centralized Offer Management is a module of HCL India responsible for the unified management and distribution of offers. A security vulnerability exists in HCL Unica Centralized Offer Management, which stems from mishandling of exceptions and could lead to disclosure of sensitive...
HCL Unica Centralized Offer Management security vulnerability
HCL Unica Centralized Offer Management is a module of HCL India responsible for the unified management and distribution of offers. A security vulnerability exists in HCL Unica Centralized Offer Management that originates from an insecure direct object reference that could lead to unauthorized...
EUVD-2017-15217
Malware in sbrugna...
Nozomi Networks Guardian/CMC SQL injection vulnerability
Nozomi Networks Guardian/CMC is a centralized management console from Nozomi Networks, Inc. in the United States. Nozomi Networks Guardian/CMC suffers from a SQL injection vulnerability that stems from improper validation of input parameters, which could lead to a SQL injection attack...
EUVD-2023-38776
Malicious code in bioql PyPI...
EUVD-2022-28120
Malicious code in bioql PyPI...
[SECURITY] Fedora 41 Update: freeipa-4.12.5-2.1.fc41
IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration...
[SECURITY] Fedora 43 Update: freeipa-4.12.5-2.fc43
IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration...
Centralized Vs. Decentralized Security for Space AI Systems? A New Look
This paper investigates the trade-off between centralized and decentralized security management in constellations of satellites to balance security and performance. We highlight three key AI architectures for automated security management: (a) centralized, (b) distributed and (c) federated. The...
LG Electronics AC Smart II security vulnerability
LG Electronics AC Smart II is a centralized controller for air conditioners from LG Electronics, a South Korean company. A security vulnerability exists in the LG Electronics AC Smart II that stems from a hidden form that allows unauthorized changes to the administrator's password,...
Linux Distros Unpatched Vulnerability : CVE-2024-11029
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation proces...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.0 release.
Red Hat Developer Hub 1.7.0 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
BIT-JENKINS-2024-9453 Jenkins-image: sensitive data disclosure when using openshift jenkins image
A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if th...
ROS-20250814-04
Vulnerability in the mod_dav_svn module of the Subversion centralized version control system is related to a bug in the path-based authorization rule lookup. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...
Hard-Earned Lessons in Access Control at Scale: Enforcing Identity and Policy across Trust Boundaries with Reverse Proxies and MTLS
In today's enterprise environment, traditional access methods such as Virtual Private Networks (VPNs) and application-specific Single Sign-On (SSO) often fall short when it comes to securely scaling access for a distributed and dynamic workforce. This paper presents our experience implementing a...