9 matches found
GHSA-535G-62R7-CX6V Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
The ServiceNow config URL uses a generic Django View with no authentication. URL: /plugins/ssot/servicenow/config/ Impact: An unauthenticated attacker could access this page to view the ServiceNow public instance name e.g...
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
The ServiceNow config URL uses a generic Django View with no authentication. URL: /plugins/ssot/servicenow/config/ Impact: An unauthenticated attacker could access this page to view the ServiceNow public instance name e.g...
EUVD-2023-2812
Malicious code in bioql PyPI...
Kibana 8.16.4 and 8.17.2 Security Update (ESA-2025-02)
Kibana Prototype Pollution can lead to code injection ESA-2025-02 Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal. Affected Versions: Kibana versions 8.16.1 up to and including 8.16.3, and 8.17.0 up to and including 8.17.1 Solutio...
SUSE-SU-2024:4360-1 Security update for docker
This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker whic...
PT-2024-7785 · Palo Alto Networks +1 · Cortex Xsiam +2
Name of the Vulnerable Software and Affected Versions: Cortex XSOAR and Cortex XSIAM affected versions not specified Description: The issue is related to the storage of protected information in an unencrypted form in the ActiveMQ message broker integration. This could allow a remote attacker to...
PT-2024-6370 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.5.0 through 24.7.4.1 Description: An arbitrary code execution issue exists when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, a specially crafted...
PT-2024-6371 · Mindsdb +1 · Mindsdb +1
Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.3.0 through 24.7.4.1 Description: An arbitrary code execution issue exists when the Weaviate integration is installed on the server. If a specially crafted SELECT WHERE clause containing Python code is run against a...
PT-2023-10697 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.7 and earlier, 11.2.x before 11.2.4, 11.3.x before 11.3.1 Description: The issue is related to Server-Side Request Forgery (SSRF) via the Kubernetes integration. This can lead to the...