12 matches found
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error in the ManagedWebAccessUtils.getServer function. An attacker can obtain authentication credentials by leveraging improper URL prefix matching during HTTP redirects, causing sensitive headers such as Bearer tokens...
Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)
Streamlit Open Source Security Advisory 1. Impacted Products Streamlit Open Source versions prior to 1.54.0 running on Windows hosts. 2. Introduction Snowflake Streamlit Open Source addressed a security vulnerability affecting Windows deployments related to improper handling and validation of...
MiracleLinux 7 : python-pip-9.0.3-7.el7 (AXSA:2020-4518:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4518:01 advisory. python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 python-urllib3: CRLF injection...
EUVD-2025-31661
Malicious code in bioql PyPI...
EUVD-2025-0077
Malicious code in bioql PyPI...
EUVD-2025-24211
Malicious code in bioql PyPI...
PT-2025-39921
Name of the Vulnerable Software and Affected Versions MinIO Java SDK versions prior to 8.6.0 Description The MinIO Java SDK is a client for performing bucket and object operations with Amazon S3 compatible object storage services. Versions prior to 8.6.0 improperly handle XML tag values containin...
PT-2025-6725 · Ibm · Ibm Qradar Siem
Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM version 7.5 Description: The issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This...
DEBIAN-CVE-2024-26306
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...
PT-2024-14837 · Genie Company · Aladdin Connect Mobile Application
Name of the Vulnerable Software and Affected Versions: The Genie Company Aladdin Connect Mobile Application versions 5.65 Build 2075 and below Description: The issue concerns the storage of users' product account authentication data in clear text within the application. This allows an attacker wi...
PT-2022-17151 · Jenkins · Jenkins Swamp Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SWAMP Plugin versions 1.2.6 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified web server using attacker-specified credentials. The vulnerability is due to a...
CVE-2019-11384
The Zalora application 6.15.1 for Android stores confidential information insecurely on the system i.e. plain text, which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/sharedprefs/logindata.xml...