CVE-2026-5412

CVE-2026-5412 (Juju) : An authorization issue in the Juju Controller facade allows an authenticated, low-privileged user to call the CloudSpec API and extract cloud credentials used to bootstrap the controller. This affects Juju versions prior to 2.9.57 and 3.6.21. The issue is mitigated by upgra...

EUVD-2021-14647

Malware in sbrugna...

EUVD-2021-24900

Malware in sbrugna...

EUVD-2020-27053

Malware in sbrugna...

EUVD-2017-14250

Malware in sbrugna...

EUVD-2021-9425

Malicious code in bioql PyPI...

EUVD-2023-42166

Malicious code in bioql PyPI...

EUVD-2023-58764

Malicious code in bioql PyPI...

EUVD-2025-5881

Malicious code in bioql PyPI...

EUVD-2023-57721

Malicious code in bioql PyPI...

CVE-2025-2171

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN...

CVE-2024-35295

A vulnerability has been identified in Perfect Harmony GH180 All versions = V8.0 V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025. The maintenance connection of affected devices fails to protect access to the device's control unit configuration. This could allow an...

CVE-2024-25036

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields...

CVE-2023-26597

Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. See Honeywell Security Notification for recommendations on upgrading and versioning...

CVE-2020-5863

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system...

CVE-2005-1654

Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set...

CVE-2024-40635 vulnerabilities

Vulnerabilities for packages: zarf, linkerd2, cloudbeat-fips, helm-operator-fips, ctop, kots, docker-compose-fips, rancher-agent, docker-fips, flux-source-controller-fips, grype-db, skaffold, cilium-cli, kubevela, k8ssandra-client, beats-fips, opa, cert-manager-cmctl, envoy-gateway-fips,...

CVE-2024-41778

IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...

CVE-2024-41778 IBM Controller information disclosure

IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...

CVE-2024-41778 IBM Controller information disclosure

IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...