2917 matches found
CVE-2026-45558
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...
HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data,...
CVE-2026-9735
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...
CVE-2026-45642
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack...
Spring Boot: Spring Boot: Authentication bypass via misconfigured Health Group additional path
A flaw was found in Spring Boot. This vulnerability, an authentication bypass, occurs when an application endpoint requiring authentication is declared under a specific path already configured for a Health Group additional path. A remote attacker could exploit this to bypass authentication,...
CVE-2026-45558
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...
EUVD-2026-36039
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...
EUVD-2026-35856
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...
CVE-2026-9735
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...
CVE-2026-9735 Keyfile contents are in MongoDB Server logs
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...
Keyfile contents are in MongoDB Server logs
MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...
CVE-2026-9735
CVE-2026-9735 concerns MongoDB server logging of SASL authentication parameters. The connected documents specify that when connection health metric logging is enabled, full authentication parameters (potentially including credentials) may be written to the server log without redaction. The NVD/NV...
EUVD-2026-35689
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack...
CVE-2026-45642
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack...
CVE-2026-45642 Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability
...
CVE-2026-45642
Microsoft Azure Attestation service and Device Health Attestation Service are affected by improper input validation, allowing an authorized attacker to perform spoofing with a physical attack. CVSS 3.1, base score 3.9 (LOW); attack vector Physical, privileges required High, integrity impact High,...
CVE-2026-45642 Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability
...
CVE-2026-33828 Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability
...
CVE-2026-33828 Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability
...
Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack...