15 matches found
CVE-2025-11915 HTTP Desynchronisation in Vertex AI for certain third-party models
Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...
EUVD-2025-27285
Malicious code in bioql PyPI...
CVE-2025-5468
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a local authenticated attacker to re...
RLSA-2024:3043 Moderate: ansible-core bug fix, enhancement, and security update
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
Authorization
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fi...
CVE-2023-30955 Foundry workspace-server Developer Mode Authorization Bypass
A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fi...
Design/Logic Flaw
NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector...
LinkedIn: [ADMIN FEATURE ACCESS] Knowing The Competitors analytics of any company
Vulnerability description not provided...
Zomato: Add upto 10K rupees to a wallet by paying an arbitrary amount
| TimeStamp | Action | |----------|:-------------:| | Wed, 24 Nov 2021, 11:24 IST | Received the report | | Wed, 24 Nov 2021, 11:25 IST | Validation and analysis of issue initiated | | Wed, 24 Nov 2021, 11:28 IST | Vulnerability reported to the respective Internal Team | | Wed, 24 Nov 2021, 11:36...
CVE-2021-31815
GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...
Design/Logic Flaw
GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...
CVE-2021-31815
GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...
CVE-2020-10755
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...
Gratipay: Content Spoofing/Text Injection
Researcher @ahsantahir reported a content spoofing on the search functionality. The search query was displayed in the page, but without any prefix. We added "Results for:", so nobody can be misinformed. This has been fixed in the last version and the fix is now deployed. Thanks for making Gratipa...
Android Vulnerability: Install App Without User Explicit Consent
This vulnerability allows an app to install any number of apps with any type of permissions without user's explicit consent. It is based on two things: 1. You can install an app from Google Play using just the browser, even from PC. 2. An app can embed a browser and automatically login into your...