32 matches found
CVE-2026-40976
CVE-2026-40976 affects Spring Boot 4.0.0–4.0.5. In vulnerable configurations, a servlet-based web application that relies on Spring Boot’s default web security (no custom Spring Security config), depends on spring-boot-actuator-autoconfigure, and does not rely on spring-boot-health can experience...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization causing web security to be ineffective and allowing unauthorized access to all endpoints. Note: This is only exploitable if the following conditions are met: the application is servlet-based; the application ha...
CVE-2022-26043
An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests t...
EUVD-2022-34241
Malicious code in bioql PyPI...
CVE-2024-22334
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type,...
CVE-2022-29931
The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS)...
CVE-2024-23560
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type...
CVE-2024-22334
Summary: CVE-2024-22334 affects IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy, with an incomplete revocation of permissions when deleting a custom security resource type. The issue can cause associated permissions of objects using that type to remain or be misreported, leading to inaccurate p...
PT-2024-19347 · Ibm · Ibm Urbancode Deploy +1
Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 7.0 through 7.0.5.20; IBM UrbanCode Deploy versions 7.1 through 7.1.2.16; IBM UrbanCode Deploy versions 7.2 through 7.2.3.9; IBM UrbanCode Deploy versions 7.3 through 7.3.2.4; IBM DevOps Deploy versions 8.0 through...
CVE-2022-29931
CVE-2022-29931 affects Raytion Custom Security Manager (CSM) administration interface in version 7.2.0, where a reflected Cross-site Scripting (XSS) vulnerability exists. The vulnerability arises in the admin UI and could allow injection of malicious scripts into the browser for victims visiting ...
PT-2022-19915 · Raytion · Raytion Custom Security Manager
Name of the Vulnerable Software and Affected Versions: Raytion Custom Security Manager version 7.2.0. Description: The administration interface of the Raytion Custom Security Manager allows reflected Cross-site Scripting (XSS). This issue can be exploited through the administration interface,...
Open Automation Software OAS Platform Access Control Error Vulnerability
Open Automation Software OAS Platform is an industrial Internet of Things (IoT) suite from Open Automation Software, Inc. An access control error vulnerability exists in Open Automation Software OAS Platform version V16.00.0112, which stems from an external configuration control issue with the OAS...
Put SecOps in the Driver’s Seat with Custom Assessment and Remediation
When zero-day threats emerge, time is of the essence. Security teams struggle to manage and respond to a range of challenges that often require custom approaches outside of existing vulnerability and security programs. Recently, many companies scrambled to mount their defenses against the Log4She...
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...