
16 matches found

Positive Technologies
added yesterday · 7 views

PT-2026-46243

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

5.8 AI score
Exploits 0 · References 4
CVE
added yesterday · 5 views

CVE-2026-36176

GNCC GP5 v7.1.76 stores pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext on the serial console. This enables physically proximate attackers to extract active tokens and perform unauthorized operations via the serial UART interface. Root cause: tokens exposed in plaintext to the con...

7.1 CVSS · 5.8 AI score
Exploits 0 · References 3
Veracode
added 2026/05/16 5:19 a.m. · 6 views

Remote Code Execution (RCE)

@nocobase/plugin-workflow-javascript is vulnerable to Remote Code Execution. The vulnerability is due to improper sandbox isolation in the Workflow Script Node, where the exposed console object allows access to host-realm WritableWorkerStdio stream objects via console.stdout and console.stderr,...

9.9 CVSS · 6.4 AI score · 0.29502 EPSS
Exploits 7 · References 4 · Affected Software 1
CNNVD
added 2026/03/31 12:00 a.m. · 3 views

Nocobase security vulnerability

Nocobase is an open-source low-code platform developed by NocoBase. Versions of NocoBase prior to 2.0.28 contained security vulnerabilities. These vulnerabilities stemmed from workflow script nodes executing JavaScript provided by users within a Node.js vm sandbox. During this process, the consol...

9.9 CVSS · 6.1 AI score · 0.29502 EPSS
Exploits 7 · References 4
Snyk
added 2026/03/30 5:16 p.m. · 3 views

Improper Control of Dynamically-Managed Code Resources

Overview: @nocobase/plugin-workflow-javascript is a package to execute a piece of JavaScript in an isolated Node.js environment. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the console object passed into the sandbox context, which exposes...

9.9 CVSS · 6.3 AI score · 0.29502 EPSS
Exploits 7 · References 2
Positive Technologies
added 2026/03/30 12:00 a.m. · 2 views

PT-2026-29158

Name of the Vulnerable Software and Affected Versions: NocoBase versions prior to 2.0.28 Description: NocoBase is an AI-powered no-code/low-code platform. Versions of NocoBase prior to 2.0.28 have a security flaw that allows an authenticated attacker to achieve Remote Code Execution (RCE) as root. Th...

9.9 CVSS · 6.1 AI score · 0.29502 EPSS
Exploits 7 · References 22
Vulnrichment
added 2026/02/19 3:25 a.m. · 2 views

CVE-2025-13113 Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

5.3 CVSS · 5.5 AI score · 0.00046 EPSS
Exploits 0 · References 2
OSV
added 2025/12/02 1:21 a.m. · 2 views

GHSA-VJR8-56P3-FMQQ Keycloak unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked into using relative/non-normalized paths to access the /admin application path relative to...

3.7 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits 0 · References 7
The Hacker News
added 2025/10/10 11:42 a.m. · 5 views

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11...

10 CVSS · 7.2 AI score · 0.64997 EPSS
Exploits 2
OSV
added 2025/03/21 5:43 p.m. · 1 view

GHSA-V63M-X9R9-8GQP AWS CDK CLI prints AWS credentials retrieved by custom credential plugins

Summary: The AWS Cloud Development Kit (AWS CDK) [1] is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. The AWS CDK CLI [2] is a command line tool for interacting with CDK applications. Customers can use the CDK CLI ...

5.7 CVSS · 5.8 AI score · 0.00071 EPSS
Exploits 1 · References 5
RedhatCVE
added 2025/02/05 8:04 a.m. · 3 views

CVE-2024-29958

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption...

7.5 CVSS · 6.7 AI score · 0.00286 EPSS
Exploits 0 · References 1
OSV
added 2024/04/19 4:15 a.m. · 0 views

CVE-2024-29958

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption...

6.5 CVSS · 7.3 AI score
Exploits 0 · References 1
CNNVD
added 2024/04/19 12:00 a.m. · 2 views

Broadcom Brocade SANnav log information disclosure vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Brocade SANnav versions v2.3.1 and v2.3.0a, which stems from an encryption key being printed in the console when a privileged user executes a script to replace the...

7.5 CVSS · 9 AI score · 0.00286 EPSS
Exploits 0 · References 2
Positive Technologies
added 2021/10/05 12:00 a.m. · 2 views

PT-2021-23328 · Archibus · Archibus Web Central

Name of the Vulnerable Software and Affected Versions: ARCHIBUS Web Central version 21.3.3.815 Description: The issue arises from the software's failure to properly validate requests for access to data and functionality in several affected endpoints: "/archibus/schema/ab-edit-users.axvw",...

8.8 CVSS · 6.7 AI score · 0.00392 EPSS
Exploits 0 · References 4
CNNVD
added 2021/02/16 12:00 a.m. · 2 views

Red Hat Keycloak cross-site scripting vulnerability

Keycloak is an open source identity and access management solution for modern applications and services. A reflected cross-site scripting vulnerability exists in keycloak. The vulnerability stems from a new account console in keycloak that allows malicious code to be executed using a referrer URL...

7.5 CVSS · 7 AI score · 0.0044 EPSS
Exploits 0 · References 3
OSV
added 2018/02/22 10:29 p.m. · 0 views

CVE-2018-0015

A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is...

7.5 CVSS · 5.7 AI score · 0.0028 EPSS
Exploits 0 · References 1