
253 matches found

Cvelist
added 2026/05/29 9:30 a.m. | 32 views

CVE-2026-10078 Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

CVSS 2.7 | EPSS 0.00033
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/29 7:59 a.m. | 5 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

CVSS 4.1 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 3
CNNVD
added 2026/05/29 12:0 a.m. | 4 views

Red Hat Quay code issue vulnerability

Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has code-related vulnerabilities; these vulnerabilities stem from the LDAP and SMTP authentication functions of the config-tool, which do not filter IP or host addresses. This may allow...

CVSS 4.1 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/29 12:0 a.m. | 8 views

PT-2026-44797

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client id and client secret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to...

CVSS 2.7 | AI score 5.7 | EPSS 0.00033
Exploits: 0 | References: 3
Fedora
added 2026/03/24 12:52 a.m. | 4 views

[SECURITY] Fedora 43 Update: cmake-3.31.11-1.fc43

CMake is used to control the software compilation process using simple platform and compiler independent configuration files. CMake generates native makefiles and workspaces that can be used in the compiler environment of your choice. CMake is quite sophisticated: it is possible to support comple...

CVSS 4.8 | AI score 5.9 | EPSS 0.00023
Exploits: 0
Fedora
added 2026/03/15 12:57 a.m. | 2 views

[SECURITY] Fedora 43 Update: pcs-0.12.2-1.fc43

pcs is a configuration tool for Corosync and Pacemaker. It permits users to easily view, modify and create high availability clusters based on Pacemaker. This package contains the pcs command-line utility and its server pcsd...

CVSS 7.9 | AI score 5.8 | EPSS 0.00028
Exploits: 0
EUVD
added 2026/03/09 12:31 p.m. | 1 views

EUVD-2025-208404

The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

CVSS 7.2 | AI score 6 | EPSS 0.55423
Exploits: 7 | References: 2
OSV
added 2026/02/13 9:7 a.m. | 4 views

RLSA-2026:2452 Important: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: prototype pollution in _.unset and _.omit functions (CVE-2025-13465). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...

CVSS 8.2 | AI score 5.6 | EPSS 0.00028
Exploits: 0 | References: 2
CNNVD
added 2026/02/09 12:0 a.m. | 2 views

Multiple Oki, Ricoh and Murata Machinery products: code issue vulnerability

The OKI Configuration Tool is a product of the OKI company. The OKI Configuration Tool is a configuration management tool. The RICOH SP C740 is a product of the Japanese RICOH company. The RICOH SP C740 is a color laser printer. The RICOH PC6000L is a color printer. There are code vulnerabilities...

CVSS 8.4 | AI score 7 | EPSS 0.0002
Exploits: 0 | References: 6
ATTACKERKB
added 2026/01/30 11:5 a.m. | 2 views

CVE-2025-26385

Johnson Controls Metasys components listed below have an Improper Neutralization of Special Elements used in a Command (Command Injection) vulnerability. Successful exploitation of this vulnerability could allow remote SQL execution. This issue affects Metasys: Application and Data Server ADS installed...

CVSS 9.5 | AI score 6 | EPSS 0.00231
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/01/30 11:5 a.m. | 32 views

CVE-2025-26385

CVE-2025-26385 concerns Johnson Controls Metasys components vulnerable to an Improper Neutralization of Special Elements used in a Command (Command Injection), with potential for remote SQL execution. Affected versions include Metasys ADS/ADX with SQL Express in 14.1 and earlier, LCS8500/NAE850...

CVSS 9.5 | AI score 6 | EPSS 0.00231
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/30 11:5 a.m. | 6 views

CVE-2025-26385 Metasys product command injection vulnerability could allow remote SQL execution

Johnson Controls Metasys components listed below have an Improper Neutralization of Special Elements used in a Command (Command Injection) vulnerability. Successful exploitation of this vulnerability could allow remote SQL execution. This issue affects Metasys: Application and Data Server ADS installed...

CVSS 9.5 | AI score 6 | EPSS 0.00231
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/30 12:0 a.m. | 6 views

PT-2026-5389

Name of the Vulnerable Software and Affected Versions: Johnson Controls Metasys versions 12.0 through 14.1; Johnson Controls Metasys Application and Data Server ADS versions 14.1 and prior; Johnson Controls Metasys Extended Application and Data Server ADX version 14.1; Johnson Controls Metasys System...

CVSS 9.5 | AI score 5.9 | EPSS 0.00231
Exploits: 0 | References: 10
EUVD
added 2026/01/21 5:27 p.m. | 2 views

EUVD-2026-3646

OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject...

CVSS 8.5 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 4
Cvelist
added 2026/01/21 5:27 p.m. | 14 views

CVE-2021-47884 Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path

OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject...

CVSS 8.5 | EPSS 0.00023
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/21 5:27 p.m. | 2 views

CVE-2021-47884 Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path

OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject...

CVSS 8.5 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 3
CVE
added 2026/01/21 5:27 p.m. | 8 views

CVE-2021-47884

Affected product and vulnerability: OKI Configuration Tool 1.6.53 with an unquoted service path in the OKI Local Port Manager service. The unquoted path is in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe', which can allow a local attacker to inject a malicious executable and escalate p...

CVSS 8.5 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 3
ATTACKERKB
added 2026/01/21 5:27 p.m. | 2 views

CVE-2021-47884

OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject...

CVSS 8.5 | AI score 5.7 | EPSS 0.00023
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2026/01/21 12:0 a.m. | 2 views

OKI Configuration Tool code-related vulnerabilities

OKI Configuration Tool is a configuration management tool developed by OKI Corporation. Version 1.6.53 of the OKI Configuration Tool contains a code vulnerability. This vulnerability stems from an unquoted service path within the OKI Local Port Manager service, which may allow local attackers to...

CVSS 8.5 | AI score 6.1 | EPSS 0.00023
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

MiracleLinux 7 : pcs-0.9.152-10.el7 (AXSA:2016-896:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2016-896:01 advisory. pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters. Security issues fix...

CVSS 8.8 | AI score 7.7 | EPSS 0.00445
Exploits: 0 | References: 3