78 matches found
PT-2025-54837
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test headers field when an event stream is in test mode. The possible outcome...
event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...
Red Hat Ansible Automation Platform Information Disclosure Vulnerability
Red Hat Ansible Automation Platform Red Hat AAP is a unified solution for strategic automation from Red Hat, Inc. An information disclosure vulnerability exists in Red Hat Ansible Automation Platform Red Hat AAP that originates from an access restriction that can be bypassed via Event Stream Test...
EUVD-2022-7302
Malicious code in bioql PyPI...
EUVD-2025-1934
Malicious code in bioql PyPI...
UBUNTU-CVE-2025-0937
Nomad Community and Nomad Enterprise "Nomad" event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces...
CVE-2025-0937 Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace
Nomad Community and Nomad Enterprise "Nomad" event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces...
CVE-2025-0937 Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace
Nomad Community and Nomad Enterprise "Nomad" event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces...
CVE-2025-0937 Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace
Nomad Community and Nomad Enterprise "Nomad" event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces...
Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace
Summary Nomad Community and Nomad Enterprise “Nomad” event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces. This vulnerability, identified as CVE-2025-0937, is fixed in Nomad Community Edition 1.9.6 and Nomad Enterprise 1.9.6, 1.8.10, and...
CVE-2022-23466 DOM-based cross-site scripting (XSS) in teler dashboard
teler is an real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting XSS in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard a...
GHSA-XR7P-8Q82-878Q teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Description teler prior to version = 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting XSS in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard are not sanitized. Impact This only affects authenticated...
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Description teler prior to version = 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting XSS in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard are not sanitized. Impact This only affects authenticated...
Kitabisa Teler 跨站脚本漏洞
Kitabisa Teler is a software from the Kitabisa team for implementing intrusion detection and threat alerts based on web logs. A cross-site scripting vulnerability exists in versions prior to Kitabisa Teler 2.0.0-rc.4, which stems from the fact that log data displayed on the dashboard is not clean...
CVE-2022-3867
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2...
UBUNTU-CVE-2022-3867
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2...
CVE-2022-3867 Nomad Event Stream Subscriber Using a Token with TTL Receives Updates Until Garbage Collected
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2...
CVE-2022-3867 Nomad Event Stream Subscriber Using a Token with TTL Receives Updates Until Garbage Collected
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2...