34 matches found

CVE
added 2026/01/16 10:12 a.m. · 13 views

CVE-2025-59870

Summary: CVE-2025-59870 affects HCL MyXalytics web applications. The issue is improper management of a static JWT signing secret that is not rotated, creating a risk to confidentiality and integrity. The cited sources consistently describe the secret as static and non-rotated across multiple feed...

CVSS 9.8 · AI score 5.4 · EPSS 0.00061
Exploits: 0 · References: 1 · Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2021-9542

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 7.7 · EPSS 0.00021
Exploits: 0 · References: 1

Positive Technologies
added 2025/08/26 12:0 a.m. · 2 views

PT-2025-34763

Name of the Vulnerable Software and Affected Versions: NetScaler ADC and NetScaler Gateway, affected versions not specified
Description: Improper access control exists on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway. An attacker gaining access to the appliance’s NSIP,...

CVSS 8.7 · AI score 6.1 · EPSS 0.00379
Exploits: 0 · References: 20

Redos
added 2025/05/26 12:0 a.m. · 3 views

ROS-20250526-05

Nomad application orchestrator vulnerability related to the fact that the HTTP search API can expose the names of available CSI plugins. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information Nomad application...

CVSS 6.5 · AI score 7.4 · EPSS 0.00806
Exploits: 0

RedhatCVE
added 2025/05/23 3:2 a.m. · 3 views

CVE-2023-51425

Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation. This issue affects Rencontre – Dating Site: from n/a through 3.10.1...

CVSS 9.8 · AI score 8.5 · EPSS 0.00107
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 1:18 a.m. · 5 views

CVE-2013-2833

Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper management of ownership relationships involving Elements and DrawElements...

CVSS 10 · AI score 7.8 · EPSS 0.014
Exploits: 1 · References: 1

CNVD
added 2025/04/18 12:0 a.m. · 2 views

GNU Binutils objdump Memory Leak Vulnerability

GNU Binutils is a toolset for creating, assembling and linking programs. A memory leak vulnerability exists in GNU Binutils. The vulnerability stems from improper memory management in the displayinfo function in the bucomm.c file. No details of the vulnerability are provided at this time...

CVSS 5.5 · AI score 3.4 · EPSS 0.00028
Exploits: 1 · References: 1

Cvelist
added 2025/01/09 6:55 p.m. · 13 views

CVE-2024-13249 Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-013

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2...

EPSS 0.0033
Exploits: 0 · References: 1

Veracode
added 2024/08/13 5:15 a.m. · 13 views

Resource Leakage

github.com/apache/incubator-answer is vulnerable to Resource Leakage. The vulnerability is due to improper management of the password reset link's validity, allowing it to remain active and reusable even after it has been used...

CVSS 5.3 · AI score 6.9 · EPSS 0.01804
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/05/17 12:0 a.m. · 3 views

PT-2024-25320 · 8Theme · 8Theme Xstore Core

Name of the Vulnerable Software and Affected Versions: 8theme XStore Core versions 5.3.8 and earlier
Description: The issue is related to Improper Privilege Management, which allows Privilege Escalation.
Recommendations: For versions 5.3.8 and earlier, update to a version later than 5.3.8 to...

CVSS 9.8 · AI score 6.8 · EPSS 0.00526
Exploits: 0 · References: 4

Vulnrichment
added 2024/03/05 5:23 a.m. · 18 views

CVE-2023-42419 Improper Management of Cryptographic Keys in the Maintenance Server in QCOW Air-Gapped Distribution (China Edition)

Maintenance Server, in Cybellum's QCOW air-gapped distribution China Edition, versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the...

CVSS 3.8 · AI score 7.1 · EPSS 0.00031
Exploits: 0 · References: 1

Cvelist
added 2024/03/05 5:23 a.m. · 12 views

CVE-2023-42419 Improper Management of Cryptographic Keys in the Maintenance Server in QCOW Air-Gapped Distribution (China Edition)

Maintenance Server, in Cybellum's QCOW air-gapped distribution China Edition, versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the...

CVSS 3.8 · AI score 4.8 · EPSS 0.00031
Exploits: 0 · References: 1

CNVD
added 2023/05/31 12:0 a.m. · 22 views

Dell PowerPath Management Appliance Authorization Issues Vulnerability

The Dell PowerPath Management Appliance is a PowerPath host management application from Dell Inc. that offers two models: a virtual machine-based appliance and a Docker containerized appliance. An authorization issue vulnerability exists in Dell PowerPath Management Appliance versions 7.0, 7.1, a...

CVSS 7.8 · AI score 7.3 · EPSS 0.00076
Exploits: 0 · References: 1

CVE
added 2021/12/27 6:48 p.m. · 48 views

CVE-2021-21750

CVE-2021-21750 affects ZTE BigVideo Analysis Product. The vulnerability is an elevation of privilege due to improper management of the timed task modification privilege, enabling an attacker with ordinary user permissions (local access) to gain unauthorized access. Exploit status is not detailed ...

CVSS 7.8 · AI score 7.8 · EPSS 0.00043
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2021/12/14 12:0 a.m. · 2 views

PT-2021-6343 · Unknown · Hevc Video Extensions

Name of the Vulnerable Software and Affected Versions: HEVC Video Extensions, affected versions not specified
Description: The issue is related to incorrect code generation management in the HEVC Video Extensions codec. Exploitation of this issue may allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.8 · EPSS 0.06172
Exploits: 0 · References: 6

OSV
added 2021/12/13 4:15 p.m. · 1 views

CVE-2021-40007

There is an information leak vulnerability in eCNS280TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of the device may cause information disclosure...

CVSS 6.5 · AI score 6.6
Exploits: 0 · References: 1

CNVD
added 2021/09/29 12:0 a.m. · 12 views

sgxwallet buffer overflow vulnerability (CNVD-2021-1012217)

Sgxwallet is an open source, high-performance hardware-secure cryptographic wallet based on Intel SGX technology. sgxwallet has a buffer overflow vulnerability that stems from improper management of system resources (e.g., memory, disk space, files) by a networked system or product. No detail...

CVSS 9.8 · AI score 3.1 · EPSS 0.00413
Exploits: 0 · References: 1

Prion
added 2021/04/02 10:15 p.m. · 10 views

Input validation

Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file...

CVSS 5.8 · AI score 6.2 · EPSS 0.00052
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2020/10/22 2:4 p.m. · 33 views

CVE-2020-3996

Velero prior to 1.4.3 and 1.5.2 in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users...

CVSS 5.5 · AI score 3.8 · EPSS 0.00098
Exploits: 0 · References: 3

NVD
added 2020/07/17 11:15 p.m. · 10 views

CVE-2020-9102

There is an information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device can cause the username information leak. Affected produ...

CVSS 3.3 · EPSS 0.00023
Exploits: 0 · References: 1