33618 matches found
CVE-2026-36176
GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...
PT-2026-47036
Name of the Vulnerable Software and Affected Versions Altium Enterprise Server affected versions not specified Description The Vault service uses a hard-coded cryptographic key to sign file download URLs. Since this key is identical across all installations, an unauthenticated network attacker ca...
PT-2026-47032
Name of the Vulnerable Software and Affected Versions WP Captcha PRO versions prior to 5.39 Description An arbitrary file upload issue exists in the licensing module of the plugin. The flaw stems from a capability check in the save ajax function and unrestricted file extraction in sync cloud...
Demand-Driven Vulnerability Detection for Cloud Security Posture Management: Removing Human Rule Authoring from the Disclosure-To-Protection Critical Path
Cloud Security Posture Management CSPM systems detect known vulnerabilities by maintaining a rule set, distributing it to customers, and evaluating it against periodically-collected asset inventories. To our knowledge, in publicly documented architectures the rule set is environment-agnostic and...
PT-2026-47043
Name of the Vulnerable Software and Affected Versions Altium Enterprise Server Vault Service affected versions not specified Description A path traversal issue exists in the 'UploadController' due to improper validation of a user-controlled path component during image upload requests. An...
PT-2026-47054
Name of the Vulnerable Software and Affected Versions Altium Enterprise Server Collaboration Service affected versions not specified Description A path traversal issue exists due to improper handling of user-supplied filenames within the MCAD and Simulation file download flows. An authenticated...
PT-2026-47044
Name of the Vulnerable Software and Affected Versions Altium Enterprise Server affected versions not specified Description Two path traversal issues in the Network Installation Service NIS allow an unauthenticated network attacker to read package archive files and write arbitrary files to any...
Malicious code in arjson (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...
Malicious code in javascript-yaml (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security d83c3b506a10b770a8c1f98d280262478cccc65708bb1066a72e0708dccaaf75 This malicious package is part the IronWorm campaign. This campaign executes a malicious binary payload during installation via a preinsta...
Malicious code in hbsig (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...
Malicious code in wdb-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...
CVE-2025-62338
HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure...
GHSA-W2Q5-6Q6X-X959 vulnerabilities
Vulnerabilities for packages: gitlab-runner, kube-rbac-proxy, stern, temporal, dgraph, external-secrets-operator, terraform-provider-tls, secrets-store-csi-driver, cloudnative-pg, falcoctl, kubernetes-csi-external-attacher, kubernetes, knative-serving, vault-k8s, cue, rancher-machine, linkerd2,...
CVE-2026-39821 vulnerabilities
Vulnerabilities for packages: gitlab-runner, kube-rbac-proxy, stern, temporal, dgraph, external-secrets-operator, terraform-provider-tls, secrets-store-csi-driver, cloudnative-pg, falcoctl, kubernetes-csi-external-attacher, kubernetes, knative-serving, vault-k8s, cue, rancher-machine, linkerd2,...
GHSA-W2Q5-6Q6X-X959 vulnerabilities
Vulnerabilities for packages: pvc-autoresizer-fips, nri-mssql, terraform-provider-grafana, knative-net-istio-fips, virt-handler-fips, distribution-fips, keda-http-add-on-fips, minio-fips, grype, db-operator-fips, wave-fips, litmus-chaos-operator-fips, actions-runner-controller, azure-ipam,...
CVE-2025-62338
HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure...
CVE-2025-62338 HCL BigFix Cloud Lifecycle Management is affected by lack of input validation
HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure...
EUVD-2025-210065
The HCL BigFix Cloud Lifecycle Management is affected by Lack Of Input Validation. It may leads to an information exposure vulnerability. This low-level flaw allows unauthorized access...
CVE-2025-62338 HCL BigFix Cloud Lifecycle Management is affected by lack of input validation
HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure...
CVE-2026-10843
A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...