GHSA-QQPG-MVQG-649V Logback allows an attacker to instantiate classes already present on the class path

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

EUVD-2023-30286

Malicious code in bioql PyPI...

EUVD-2023-31818

Malicious code in bioql PyPI...

SUSE CVE-2025-11226

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVE-2023-28093

A user with a compromised configuration can start an unsigned binary as a service...

CVE-2023-26467

A man in the middle can redirect traffic to a malicious server in a compromised configuration...

CVE-2024-39344

An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The ApttusDocuApiDocusignAuthenticationmdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when install...

CVE-2023-26467

A man in the middle can redirect traffic to a malicious server in a compromised configuration...

CVE-2023-26467

A man in the middle can redirect traffic to a malicious server in a compromised configuration...

CVE-2023-28093

A user with a compromised configuration can start an unsigned binary as a service...

PT-2023-21553 · Pegasystems +1 · Synchronization Engine

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A user with a compromised configuration can start an unsigned binary as a service. There is no information provided about the estimated number of...

PT-2023-20658 · Pegasystems +1 · Synchronization Engine

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A man in the middle can redirect traffic to a malicious server in a compromised configuration. Recommendations: At the moment, there is no information about a newer version that...

CVE-2023-28093

A user with a compromised configuration can start an unsigned binary as a service...

CVE-2023-28093

Concrete details found in connected documents indicate a Pegasystems Synchronization Engine vulnerability (Pegasystem Synchronization Engine) affecting versions 3.1.1 through 3.1.27. The issue allows a user with non-administrative access to modify a client configuration and server URL, enabling p...

CVE-2023-26467

Technical details about CVE-2023-26467 are not publicly available in the provided documents; monitor for updates.

CVE-2023-26467

A man in the middle can redirect traffic to a malicious server in a compromised configuration...