CVE-2026-1961 Forman: foreman: remote code execution via command injection in websocket proxy

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...

CVE-2026-1961

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...

EUVD-2020-6511

Malware in sbrugna...

CVE-2023-34111

The Release PR Merged workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of $ github.event.pullrequest.title in a bash command within the GitHub...

Command injection

The Release PR Merged workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of $ github.event.pullrequest.title in a bash command within the GitHub...

CVE-2023-34111

The Release PR Merged workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context due to the insecure usage of $ github.event.pullrequest.title in a bash command within the GitHub...

CVE-2023-25818

Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit 704eb3aa password reset attempts are now throttled. Note...

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of...

Integrating JIRA to the Qualys Cloud Platform

This is the second in a blog series on integrations to the Qualys Cloud Platform. This post looks at what are the requirements to build a successful integration and workarounds when some of the pieces are missing functionality. We then specifically consider the question of integrated Qualys with...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update

An update is now available for Red Hat OpenShift Container Storage 4.8.5 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

CVE-2020-14371

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite...

Design/Logic Flaw

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite...

CVE-2020-14371

CVE-2020-14371 describes a credential-leak vulnerability in Red Hat Satellite that exposes compute resources credentials through virtual machines running on Satellite resources. The issue appears in the Satellite deployment context and is documented in both the NVD entry and Red Hat security refe...

CVE-2020-14371

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite...

CVE-2020-14371

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite...

RHEL 7 : Satellite 6.7 . (Important) (RHSA-2020:1454)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1454 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring...

Multi-Juicer - Run Capture The Flags And Security Trainings With OWASP Juice Shop

Running CTFs and Security Trainings with OWASP Juice Shop is usually quite tricky, Juice Shop just isn't intended to be used by multiple users at a time. Instructing everybody how to start Juice Shop on their own machine works ok, but takes away too much valuable time. MultiJuicer gives you the...

foreman: Recover of plaintext password or token for the compute resources

It was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "deletecomputeresource" permission can use this flaw to take control over compu...

Foreman < 1.20.3 and 1.21.0 Information Disclosure Vulnerability

Foreman is prone to an authenticated information dislosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security

The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity—and concern—among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if...