99 matches found
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security Update (Critical) (RHSA-2026:28376)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28376 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers ca...
CVE-2026-11807 Eda-server: websocket missing authorization allows credential theft via activation_id spoofing
A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive...
eda-server: websocket missing authorization allows credential theft via activation_id spoofing
A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive...
CVE-2025-9908 Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers such as X-Trusted-Proxy and X-Envoy- and event stream URLs via crafted requests and job...
EUVD-2019-7836
Malware in sbrugna...
EUVD-2025-19585
Malicious code in bioql PyPI...
EUVD-2025-19586
Malicious code in bioql PyPI...
EUVD-2022-28862
Malicious code in bioql PyPI...
EUVD-2022-28736
Malicious code in bioql PyPI...
EUVD-2022-28735
Malicious code in bioql PyPI...
EUVD-2022-28863
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-_eda (npm)
The package @zalastax/nolb-eda was found to contain malicious code...
MAL-2025-42996 Malicious code in @zalastax/nolb-_eda (npm)
The package @zalastax/nolb-eda was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2022-23803
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and...
Malicious code in ot-eda-messages (npm)
The package ot-eda-messages was found to contain malicious code...
Malicious code in ot-eda-node (npm)
The package ot-eda-node was found to contain malicious code...
MAL-2025-28606 Malicious code in ot-eda-messages (npm)
The package ot-eda-messages was found to contain malicious code...
MAL-2025-28607 Malicious code in ot-eda-node (npm)
The package ot-eda-node was found to contain malicious code...
aap-gateway: CSRF origin checking is disabled
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda...
event-driven-ansible: Template Injection via Git Branch and Refspec in EDA Projects
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In...