
31 matches found

ATTACKERKB
added 2026/05/27 8:52 p.m. · 8 views

CVE-2026-45137

Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, a logic error causes Anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary CPI in progra...

CVSS 8.2 · AI score 5.9 · EPSS 0.00048
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2026/05/27 8:52 p.m. · 39 views

CVE-2026-45137 Anchor: Program<'info, System> is not properly validated

Anchor is a framework providing several convenient developer tools for writing Solana programs. From 1.0.0 to before 1.0.2, a logic error causes Anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential arbitrary CPI in progra...

CVSS 8.2 · EPSS 0.00048
Exploits 0 · References 1
RedhatCVE
added 2025/11/12 3:46 a.m. · 6 views

CVE-2025-11170

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVSS 9.8 · AI score 7.5 · EPSS 0.00565
Exploits 1 · References 1
EUVD
added 2025/11/11 6:30 a.m. · 6 views

EUVD-2025-60945

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVSS 9.8 · AI score 7 · EPSS 0.00565
Exploits 1 · References 3
CVE
added 2025/11/11 3:30 a.m. · 12 views

CVE-2025-11170

CVE-2025-11170 concerns the WP移行専用プラグイン for CPI (WordPress) up to version 1.0.2, where missing file type validation in Cpiwm_Import_Controller::import allows unauthenticated uploads of arbitrary files. The consequence stated across sources is potential remote code execution on the affected site, ...

CVSS 9.8 · AI score 7.2 · EPSS 0.00565
Exploits 1 · References 2
Patchstack
added 2025/11/10 10:12 p.m. · 8 views

WordPress WP移行専用プラグイン for CPI plugin <= 1.0.2 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin WP移行専用プラグイン for CPI versions <= 1.0.2...

CVSS 9.8 · AI score 7 · EPSS 0.00565
Exploits 1 · References 1 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-14080

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.00159
Exploits 0 · References 3
NVD
added 2024/11/13 2:15 p.m. · 23 views

CVE-2022-45157

A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...

CVSS 9.1 · EPSS 0.00096
Exploits 0 · References 2
Vulnrichment
added 2024/11/13 1:39 p.m. · 15 views

CVE-2022-45157 Exposure of vSphere's CPI and CSI credentials in Rancher

A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...

CVSS 9.1 · AI score 6.8 · EPSS 0.00096
Exploits 0 · References 2
Cvelist
added 2024/11/13 1:39 p.m. · 20 views

CVE-2022-45157 Exposure of vSphere's CPI and CSI credentials in Rancher

A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...

CVSS 9.1 · EPSS 0.00096
Exploits 0 · References 2
CVE
added 2024/11/13 1:39 p.m. · 89 views

CVE-2022-45157

CVE-2022-45157 affects Rancher where vSphere CPI/CSI credentials used to deploy clusters are stored in plaintext within Rancher. This leads to HIGH impact on confidentiality and integrity for vSphere environments (passwords stored insecurely in a Rancher object). CVSS data in the initial document...

CVSS 9.1 · AI score 9.1 · EPSS 0.00096
Exploits 0 · References 2
OSV
added 2024/10/28 3:20 p.m. · 7 views

GO-2024-3223 Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher

Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 9.1 · AI score 9 · EPSS 0.00096
Exploits 0 · References 1
Positive Technologies
added 2024/10/25 12:0 a.m. · 3 views

PT-2024-10044 · Rancher +1 · Rancher +1

Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.8.9; Rancher versions prior to 2.9.3; Rancher versions 2.7.0 through 2.7.x. Description: A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container...

CVSS 9.9 · AI score 6.4 · EPSS 0.94047
Exploits 20 · References 138
Code423n4
added 2022/04/27 12:0 a.m. · 8 views

If currentMonth in init is 0, then CPI update will revert, zero div

This is a manual upgrade of the sixth item in QA report 86, per judge @jack-the-pug's assessment of it as a Medium risk issue. If currentMonth in init is 0, then CPI update will revert, zero div

AI score 6.9
Exploits 0
Code423n4
added 2022/04/27 12:0 a.m. · 8 views

Division by zero in isWithinDeviationThreshold

Judge @jack-the-pug is upgrading the following issue from a QA report issue 30 to Medium risk: Division by zero in isWithinDeviationThreshold if a is zero. This only seems to be the case if the oracle would return 0 for CPI and in this case, something is wrong anyway. Should still handle this err...

AI score 6.8
Exploits 0
Code423n4
added 2022/04/06 12:0 a.m. · 8 views

NonCustodialPSM can become insolvent as CPI index rises

Impact: NonCustodialPSM mints and redeems VOLT to a chosen stablecoin at the current market rate minus a fixed fee. It is assumed that the difference to be covered with pcvDeposit funds. That assumption is similar to one used in FEI protocol, but there no rate...

AI score 6.6
Exploits 0
Code423n4
added 2022/04/05 12:0 a.m. · 6 views

Oracle price does not compound

Impact: The oracle does not correctly compound the monthly APRs - it resets on fulfill. Note that the oraclePrice storage variable is only set in updateCPIData as part of the oracle fulfill callback. It's set to the old price price from 1 month ago plus the...

AI score 6.7
Exploits 0
ATTACKERKB
added 2020/02/13 12:0 a.m. · 40 views

Cisco Prime Infrastructure runrshell Local Privilege Escalation Vulnerability

Cisco Prime Infrastructure (CPI) is a wired and wireless network management software suite that consists of different networking applications from Cisco Systems. The system is used across various industries, from healthcare, manufacturing, government, IT, etc. A vulnerability was found in the...

CVSS 10 · AI score 1 · EPSS 0.94036
Exploits 17 · References 3
Packet Storm
added 2018/11/13 12:0 a.m. · 194 views

Cisco Prime Infrastructure Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Prime Infrastructure Unauthenticated Remote Code Execution', 'Description' = %q Cisco Prime Infrastructure CPI contains two basic flaws tha...

AI score 0.8 · EPSS 0.89462
Exploits 5
Metasploit
added 2018/10/08 5:16 a.m. · 43 views

Cisco Prime Infrastructure Unauthenticated Remote Code Execution

Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege...

CVSS 9.8 · AI score 8.8 · EPSS 0.89462
Exploits 5