21 matches found
CVE-2026-10078
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...
CVE-2026-10078
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...
CVE-2026-10078
The CVE-2026-10078 entry concerns Quay config-tool’s GitLab OAuth validator. The vulnerability causes client_id and client_secret to be sent in plaintext via URL query parameters during POST requests to the GitLab endpoint, enabling potential exposure of credentials in logs (server access logs, r...
EUVD-2026-33272
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...
CVE-2026-10078 Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...
CVE-2026-10052
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
CVE-2026-10078
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...
EUVD-2026-33260
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
CVE-2026-10052 Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
CVE-2026-10052
The CVE-2026-10052 entry describes a flaw in Quay config-tool where LDAP and SMTP validation endpoints can initiate outbound connections to user-supplied endpoints. With config editor access, an attacker can trigger requests from the Quay pod, enabling potential internal network reconnaissance an...
CVE-2026-10052
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
CVE-2026-10052 Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
PT-2026-44761
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
EUVD-2026-25360
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...
CVE-2026-39462
CVE-2026-39462 affects SenseLive X3050, where the web management interface fails to reliably apply password changes due to backend credential handling. After factory restore with SenseLive Config 2.0, the UI may indicate a successful password update while the system continues to accept previous o...
Malicious code in ignite-callback-node-config-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8894545ee7492ce0676852567fe5d3d6b2139f08799c38602766a6a8f7f91fb1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-143507 Malicious code in ignite-callback-node-config-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8894545ee7492ce0676852567fe5d3d6b2139f08799c38602766a6a8f7f91fb1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Embedded Host Based Configuration (EHBC) feature of Intel AMT Enabled - Lenovo Support US
No description provided...
IP Finder 1.5 - Denial of Service (PoC)
IP Finder 1.5 - Denial of Service PoC Exploit Title: IP Finder 1.5 - Denial of Service PoC Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovey Date: 2018-08-12 Software Link: https://securimport.com/university/index.php/videovigilancia-ip/software/429-ip-finder Tested...
Tech-Source Raptor GFX PGX32 2.3.1 Config Tool Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1563/info Raptor GFX cards are designed to handle 24-bit true color applications such as Netscape, seismic, geographical information systems GIS, satellite imaging, pre-press imaging and general desktop use. They can also...