CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

CVE-2026-9831 ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

PT-2026-44998

Name of the Vulnerable Software and Affected Versions ExtremeCloud IQ affected versions not specified Description A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path can intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued AP...

CVE-2026-0689

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

CVE-2026-0689

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

CVE-2026-0689

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

CVE-2026-0689

Affected product/versions: ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10. Vulnerable component: NAC administration interface. Root cause / flaw: Authenticated NAC admin requests return underlying credential values in HTTP responses while UI shows redacted values, enabling recovery of stor...

CVE-2026-0689 XIQ‑SE NAC Admin Credential Exposure via HTTP Response

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

CVE-2026-0689 XIQ‑SE NAC Admin Credential Exposure via HTTP Response

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

EUVD-2026-9177

In ExtremeCloud IQ – Site Engine XIQ‑SE before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th...

PT-2026-22608

Name of the Vulnerable Software and Affected Versions ExtremeCloud IQ – Site Engine XIQ‑SE versions prior to 26.2.10 Description A flaw exists in the NAC administration interface that allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. While...

EUVD-2025-18301

Malicious code in bioql PyPI...

CVE-2025-6083

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the ownerid filter. This issue may allow users to search data across the entire table instead of being restricted to their specific ownerid...

CVE-2025-6083

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the ownerid filter. This issue may allow users to search data across the entire table instead of being restricted to their specific ownerid...

CVE-2025-6083

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the ownerid filter. This issue may allow users to search data across the entire table instead of being restricted to their specific ownerid...

CVE-2025-6083

CVE-2025-6083 affects ExtremeCloud Universal ZTNA. A syntax error in the searchKeyword condition allows queries to bypass the owner_id filter, potentially letting a user search data across the entire table instead of constraints tied to their owner_id. The available connected sources consistently...

CVE-2025-6083 ExtremeCloud Universal ZTNA Improper Authorization

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the ownerid filter. This issue may allow users to search data across the entire table instead of being restricted to their specific ownerid...

CVE-2025-6083 ExtremeCloud Universal ZTNA Improper Authorization

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the ownerid filter. This issue may allow users to search data across the entire table instead of being restricted to their specific ownerid...

PT-2025-25448

Name of the Vulnerable Software and Affected Versions ExtremeCloud Universal ZTNA affected versions not specified Description A syntax error in the searchKeyword condition allows queries to bypass the owner id filter. This issue may enable users to search data across the entire table, rather than...

Extreme Networks Extreme ExtremeCloud IQ Site Engine 信息泄露漏洞

Extreme Networks ExtremeCloud IQ Site Engine Extreme Networks XIQ-SE is a site engine from Extreme Networks, Inc. providing end-to-end management of wired and wireless devices from the edge to the data center and across multi-vendor environments. A security vulnerability exists in Extreme Network...