
16 matches found

Positive Technologies
added 2026/05/19 12:0 a.m. · 8 views

PT-2026-42036

Summary: 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...

10 CVSS · 6.1 AI score
Exploits 0 · References 3

Snyk
added 2026/05/07 12:7 a.m. · 7 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the REST layer when processing malformed HTTP requests. An attacker can gain unauthorized access to restricted API endpoints by crafting specially formed HTTP requests. This is only exploitable if custom plugi...

6.3 CVSS · 5.8 AI score
Exploits 0 · References 2

OSV
added 2026/05/07 12:7 a.m. · 1 view

GHSA-83X9-VC3C-HGHC OpenSearch has a bypass of REST Layer Authorization Using Malformed Paths

Description: A flaw was identified in the OpenSearch REST layer that could allow authorization checks to be bypassed when processing certain malformed HTTP requests. This could permit unauthorized access to restricted API endpoints in environments that rely on REST-layer authorization...

3.7 CVSS · 5.8 AI score
Exploits 0 · References 2

Positive Technologies
added 2026/05/07 12:0 a.m. · 4 views

PT-2026-41480

Name of the Vulnerable Software and Affected Versions: opensearch versions prior to 2.19.0; opensearch-ingest-attachment-plugin affected versions not specified; opensearch-mapper-annotated-text-plugin affected versions not specified; opensearch-mapper-murmur3-plugin affected versions not specified...

3.7 CVSS · 5.8 AI score
Exploits 0 · References 4

Vulnrichment
added 2024/12/12 7:25 p.m. · 7 views

CVE-2024-55886 OpenTelemetry Logs source may lack authentication with some custom plugins

OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting in version 2.1.0 and prior to version 2.10.2 where some custom authentication...

6.9 CVSS · 6.9 AI score · 0.00396 EPSS
Exploits 0 · References 1

Cvelist
added 2024/12/12 7:25 p.m. · 18 views

CVE-2024-55886 OpenTelemetry Logs source may lack authentication with some custom plugins

OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting in version 2.1.0 and prior to version 2.10.2 where some custom authentication...

6.9 CVSS · 0.00396 EPSS
Exploits 0 · References 1

CVE
added 2024/12/12 7:25 p.m. · 42 views

CVE-2024-55886

The CVE affects OpenSearch Data Prepper (OpenTelemetry Logs source) where custom GrpcAuthenticationProvider plugins that implement getHttpAuthenticationService() instead of getAuthenticationInterceptor() fail to perform authentication, allowing unauthorized data ingestion. Affected versions: 2.1....

6.9 CVSS · 6.7 AI score · 0.00396 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/12/12 12:0 a.m. · 1 view

OpenSearch Data Prepper Authorization Issue Vulnerability

OpenSearch Data Prepper is a component of the OpenSearch project, an OpenSearch open source project. An authorization issue vulnerability exists in OpenSearch Data Prepper version 2.1.0 through versions prior to 2.10.2, which stems from a vulnerability in which certain custom authentication...

6.9 CVSS · 6.6 AI score · 0.00396 EPSS
Exploits 0 · References 1

RedHat Linux
added 2024/07/01 12:39 a.m. · 29 views

Moderate: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.3.0 for RHEL 9

Secondary Scheduler Operator for Red Hat OpenShift 1.3.0 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.5 CVSS · 7 AI score · 0.75268 EPSS
Exploits 1 · References 9

RedHat Linux
added 2024/03/06 2:39 p.m. · 30 views

Moderate: Red Hat Security Advisory: Secondary Scheduler Operator for Red Hat OpenShift 1.2.1 for RHEL 9

Secondary Scheduler Operator for Red Hat OpenShift 1.2.1 for RHEL 9. An update for secondary-scheduler-operator-bundle-container and secondary-scheduler-operator-container is now available for OSSO-1.2.1-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Moderate...

7.5 CVSS · 6.7 AI score · 0.00185 EPSS
Exploits 0 · References 7

UbuntuCve
added 2021/08/10 5:15 p.m. · 29 views

CVE-2021-32768

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

6.1 CVSS · 5.8 AI score · 0.00284 EPSS
Exploits 0 · References 3

Cvelist
added 2021/08/10 4:30 p.m. · 16 views

CVE-2021-32768 Cross-Site Scripting via Rich-Text Content

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

6.1 CVSS · 6.4 AI score · 0.00284 EPSS
Exploits 0 · References 2

Positive Technologies
added 2021/08/10 12:0 a.m. · 1 view

PT-2021-4174 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 7.6.53 ELTS; TYPO3 versions prior to 8.7.42 ELTS; TYPO3 versions prior to 9.5.29; TYPO3 versions prior to 10.4.19; TYPO3 versions prior to 11.3.2. Description: The content rendering process in the website frontend is...

6.1 CVSS · 5.9 AI score · 0.00284 EPSS
Exploits 0 · References 13

GithubExploit
added 2019/11/19 4:51 p.m. · 243 views

Exploit for CVE-2018-2894

Ladon Scanner for Python...

10 CVSS · 7.2 AI score · 0.94424 EPSS
Exploits 130

Kitploit
added 2019/10/30 9:0 p.m. · 133 views

ThreatIngestor - Extract And Aggregate Threat Intelligence

An extendable tool to extract and aggregate IOCs from threat feeds. Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing workflow with SQS, Beanstalk, and custom plugins. Overview: ThreatIngestor can be configured to watch Twitter, RSS feeds, or other sources,...

6.9 AI score
Exploits 0 · References 5

Kitploit
added 2017/11/30 1:4 p.m. · 19 views

WhatWeb v0.4.9 - Next Generation Web Scanner

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700...

7.7 AI score
Exploits 0 · References 8