17 matches found
CVE-2026-41423
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper...
Securing the AI Edge: Wiz and Cloudflare Integrate for End-to-End AI Protection
Gain a unified view of AI application endpoints and DNS exposure across your environment, including which are protected by Cloudflare and which need to be secured...
IBM DataPower Gateway Information Disclosure Vulnerability (CNVD-2026-19179)
IBM DataPower Gateway is a suite of International Business Machines (IBM) security and integration platforms designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and...
CVE-2025-36753 SWD Interface Open on Growatt ShineLan-X
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extract secrets or domains from within the device...
UBUNTU-CVE-2025-58149
When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access to any 64bit memory BAR when such a device is no longer assigned to the domain. For PV domains the permission leak allo...
PT-2025-44620
Name of the Vulnerable Software and Affected Versions: libxl (affected versions not specified) Description: The detach logic in libxl does not remove access permissions to 64-bit memory BARs when passing through PCI devices. This can allow a domain to retain access to these memory BARs even after the...
Ollama <= 0.9.6 Cross-Domain Token Exposure
The version of Ollama installed on the remote host is 0.9.6 or earlier. It is, therefore, affected by a vulnerability. Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.9.6 allows remote attackers to steal authentication tokens and bypass access controls via a malicious...
PYSEC-2025-147
Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...
CVE-2025-51471
Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint...
PT-2025-30449
Name of the Vulnerable Software and Affected Versions: Ollama version 0.6.7 Description: A cross-domain token exposure exists in the server.auth.getAuthorizationToken function. This allows remote attackers to steal authentication tokens and bypass access controls by exploiting a malicious realm val...
DNSSEC NSEC. The accidental treasure map to your subdomains
TL;DR: DNSSEC secures DNS but may unintentionally expose domain structures via NSEC/NSEC3 records, enabling zone walking to enumerate subdomains. NSEC openly lists domain names, making enumeration easy. NSEC3 hashes names, making enumeration harder, but attackers can still crack weak...
Intel Dynamic Tuning Technology Security Vulnerability
Intel Dynamic Tuning Technology is a technology from Intel Corporation that enables smarter and more efficient performance management by dynamically tuning processor and system performance parameters. A security vulnerability exists in Intel Dynamic Tuning Technology, which arises from an issue...
Apache InLong Security Vulnerability
Apache InLong is the U.S. Apache Software Foundation's one-stop massive data integration framework. It provides automated, secure, and reliable data transfer capabilities. A security vulnerability exists in Apache InLong versions 1.4.0 through 1.7.0, which stems from a...
USN-5709-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2022-42927, CVE-2022-42928,...
Fortinet FortiManager and FortiAnalyzer Security Vulnerability
Fortinet FortiManager and Fortinet FortiAnalyzer, both from Fortinet, are a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. The product is mainly used to collect network log data and analyze, report and archive...
PT-2022-9168 · Manageengine · Zoho Manageengine Adselfservice Plus
Name of the Vulnerable Software and Affected Versions: ManageEngine ADSelfService Plus versions prior to build 6116 Description: The issue allows a user from one domain to obtain the password policy for another domain by authenticating to the service and sending a request specifying the password...
ZOHO ManageEngine ADSelfService Plus Information Disclosure Vulnerability
A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability is caused by ManageEngine ADSelfService Plus under build 6116 storing the password...