CVE-2026-0240 Trust Protection Foundation: Sensitive Information Disclosure Vulnerability
An information disclosure vulnerability in Trust Protection Foundation enables an authenticated attacker to obtain sensitive information from the server's vault. Successful exploitation of this issue allows the attacker to impersonate any user within the environment and arbitrarily modify...
CVE-2025-10354
Reflected Cross-Site Scripting (XSS) vulnerability in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploit...
Sylius has an Open Redirect via Referer Header
Impact CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction and StorageBasedLocaleSwitcher::handle use the HTTP Referer header directly when redirecting. The attack requires the victim to click a legitimate application link placed on an attacker-controlled page. Th...
CVE-2026-31819
Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction and StorageBasedLocaleSwitcher::handle use the HTTP Referer header directly when redirecting. The attack requires the victim to click a legitimate...
CVE-2026-31819
Sylius (Open Source eCommerce Framework on Symfony) has a referer-based redirect issue in CurrencySwitchController::switchAction, ImpersonateUserController::impersonateAction, and StorageBasedLocaleSwitcher::handle. The vulnerability arises when a victim clicks a link on an attacker-controlled pa...
PT-2026-22970
A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to log in to a Cisco Secure Firewall ASA device and execute commands as a specific...
B&R Industrial Automation B&R APROL Security Vulnerability
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P5, which stems from incomplete filtering of special elements of SSH server scripts, which could...
PT-2025-6120 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence platform (affected versions not specified). Description: The Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or...
keycloak-core: mTLS passthrough
A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication...
CVE-2024-10943 FactoryTalk® Updater Authentication Bypass
An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication...
CVE-2024-8458
The CVE-2024-8458 entry concerns PLANET Technology switch models whose web interface is vulnerable to Cross-Site Request Forgery (CSRF). Affected component: the web application on certain PLANET switch devices. Root cause: CSRF in the web front end allows an unauthenticated remote attacker to tri...
Rockwell FactoryTalk Batch View < 3.00 Authentication Bypass
The version of Rockwell FactoryTalk Batch View installed on the remote Windows host is prior to 3.00. It is, therefore, affected by a vulnerability. - An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could...
CVE-2024-45823 FactoryTalk® Batch View™ Authentication Bypass Vulnerability via shared secrets
CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during...
CVE-2024-7401
CVE-2024-7401 affects Netskope Client enrollment: NSClient uses a static OrgKey token as authentication parameter, which cannot be rotated if leaked. Root cause is the static token in the enrollment flow; impact is impersonation by enrolling NSClient from a customer tenant. Public fix details are...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in several Office products. A malicious party can exploit the vulnerabilities to impersonate another user, execute arbitrary code with the victim's privileges and potentially gain access to sensitive data in the victim's context. Successful exploitation require...
Important: ipa security update
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: delegation rules allow a proxy service to impersonate any user to access another target service...
RHEL 9 : ipa (RHSA-2024:3757)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3757 advisory. Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and...
RHEL 5 : sudo (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sudo: noexec bypass via wordexp CVE-2016-7076 - sudo: symbolic link attack in SELinux-enabled sudoedit...