13 matches found
Astra Linux - vulnerability in Zabbix
The Zabbix API’s user.get method returns all users that share a common group with the calling user. This includes media and other information, such as login attempts, etc...
LDAP Injection
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to LDAP Injection via unsanitized input in the authData.id parameter during the construction of LDAP Distinguished Names and...
EUVD-2026-10928
Parse Server vulnerable to LDAP injection via unsanitized user input in DN and group filter construction...
CVE-2026-31828
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input authData.id is interpolated directly into LDAP Distinguished Names DN an...
PT-2026-24482
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 9.5.2-alpha.13; Parse Server versions prior to 8.6.26. Description: Parse Server, an open source backend deployable on Node.js infrastructures, contains a flaw in its LDAP authentication adapter. The issue stems fro...
CVE-2025-49012 Himmelblau's Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs...
DEBIAN-CVE-2024-42325
Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc...
UBUNTU-CVE-2024-42325
Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc...
Zabbix security vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in Zabbix that stems from returning all user information, including media and other information, that...
PT-2023-5114 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.8.2 through 2.3.12; Argo CD versions 2.4.0 through 2.4.18; Argo CD versions 2.5.0 through 2.5.5; Argo CD versions 2.6.0-rc0 through 2.6.0-rc2. Description: The issue is related to an improper authorization bug in Argo CD, causi...
GHSA-GMHR-6F43-7QPJ Moodle does not properly implement group-based access restrictions
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant...
Moodle does not properly implement group-based access restrictions
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant...
CVE-2015-5339
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant...