348 matches found

Github Security Blog
added 2026/05/18 1:44 p.m., 13 views

Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs

Summary: Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eight of those endpoints (list, create, get, update, delete, test, listBranches, browseFiles) never...

CVSS 9.9, AI score 5.8, EPSS 0.00387
Exploits 0, References 3, Affected Software 1

NVD
added 2026/03/25 6:16 p.m., 3 views

CVE-2026-33663

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

CVSS 8.5, EPSS 0.00392
Exploits 0, References 1

AlpineLinux
added 2026/03/18 5:53 p.m., 2 views

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

CVSS 9.1, AI score 5.8, EPSS 0.00472
Exploits 1, References 3

NVD
added 2026/03/13 7:54 p.m., 4 views

CVE-2026-31882

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGUAUTHMODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows unauthenticated attackers to access real-time DAG...

CVSS 7.5, EPSS 0.00778
Exploits 1, References 4

Tenable Nessus
added 2026/03/04 12:0 a.m., 4 views

Debian dla-4494 : liborthancframework-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4494 advisory. Debian LTS Advisory DLA-4494-1 [email protected] https://www.debian.org/lts/security/...

CVSS 5.7, AI score 5.8, EPSS 0.00408
Exploits 0, References 4

Debian
added 2026/02/28 4:27 p.m., 5 views

[SECURITY] [DLA 4494-1] orthanc security update

Debian LTS Advisory DLA-4494-1 [email protected] https://www.debian.org/lts/security/ Paride Legovini February 28, 2026 https://wiki.debian.org/LTS -...

CVSS 5.7, AI score 5.8, EPSS 0.00408
Exploits 0

ATTACKERKB
added 2026/02/20 4:0 p.m., 5 views

CVE-2026-24455

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network...

CVSS 7.5, AI score 5.5, EPSS 0.00242
Exploits 0, References 3

Debian CVE
added 2026/02/18 10:59 p.m., 5 views

CVE-2025-15581

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access...

CVSS 5.7, AI score 5.2, EPSS 0.00408
Exploits 0

RedhatCVE
added 2026/01/09 10:10 a.m., 6 views

CVE-2019-11367

An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...

CVSS 9.8, AI score 7.1, EPSS 0.0282
Exploits 5, References 1

Tenable Nessus
added 2025/11/20 12:0 a.m., 7 views

TencentOS Server 4: skopeo (TSSA-2025:0634)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0634 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 6, AI score 7.4, EPSS 0.00355
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-0377

Malware in sbrugna...

CVSS 5, AI score 6.3, EPSS 0.01811
Exploits 0, References 9

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2007-3136

Malware in sbrugna...

CVSS 6.4, AI score 6.4, EPSS 0.01234
Exploits 1, References 6

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2019-3129

Malware in sbrugna...

CVSS 6.1, AI score 6, EPSS 0.02414
Exploits 1, References 12

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-0467

Malware in sbrugna...

CVSS 5.9, AI score 6.7, EPSS 0.02265
Exploits 0, References 9

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-4888

Malware in sbrugna...

CVSS 9.8, AI score 9.4, EPSS 0.00782
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2002-1635

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.02623
Exploits 1, References 9

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-4887

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.01238
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-3045

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.0282
Exploits 5, References 5

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-18144

Malware in sbrugna...

CVSS 5.5, AI score 5.6, EPSS 0.00277
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-0933

Malware in sbrugna...

CVSS 7.5, AI score 6.1, EPSS 0.00834
Exploits 0, References 4