34 matches found
GHSA-WC4H-2348-JC3P Ech0 has Unauthenticated Server-Side Request Forgery in Website Preview Feature
Summary: Ech0 implements link preview: the editor fetches a page title through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts a fully attacker-controlled URL, performs a server-side GET, reads the entire response body...
EUVD-2025-13625
Malicious code in bioql PyPI...
CVE-2025-40673
A Missing Authorization vulnerability has been found in DinoRANK. This vulnerability allows an attacker to access invoices of any user via accessing endpoint '/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf' because there is no access control. The pdf filename can be obtained via OSINT, insecure network...
CVE-2024-22315
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection...
Linux Distros Unpatched Vulnerability : CVE-2012-2736
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. CVE-2012-2736 Note...
CVE-2024-22315
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection...
CVE-2024-22315
CVE-2024-22315 affects IBM Fusion and IBM Fusion HCI (versions 2.3.0–2.8.2). The root cause is an insecure network connection due to lack of egress/restriction on containerized environments, which could allow an attacker with access to a Fusion container to establish an external network connectio...
IBM Storage Fusion Security Vulnerability
IBM Storage Fusion is a fully integrated platform from International Business Machines (IBM) for running and maintaining all native Red Hat OpenShift applications. A security vulnerability exists in IBM Storage Fusion that stems from vulnerability to an insecure network connection, allowing an...
PT-2024-10439 · Ibm · Ibm Fusion Hci +1
Name of the Vulnerable Software and Affected Versions: IBM Fusion and IBM Fusion HCI versions 2.3.0 through 2.8.2 Description: The issue is related to insufficient restriction of the communication channel for given endpoints, which may allow an attacker to gain unauthorized access to protected...
CVE-2024-47499 Junos OS and Junos OS Evolved: In a BMP scenario receipt of a malformed AS PATH attribute can cause an RPD crash
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a scenario where BGP Monitoring Protocol (BMP) is...
CVE-2024-31206 Use of Unencrypted HTTP Request in dectalk-tts
dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victi...
IBM Planning Analytics Information Disclosure Vulnerability (CNVD-2023-9817594)
IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines (IBM). The solution supports automated execution of processes such as business planning, budgeting and analysis. IBM Planning Analytics suffers from an information disclosure vulnerabilit...
CVE-2023-26024
IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898...
CVE-2023-26024
IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898...
PT-2023-20433 · Ibm · Ibm Planning Analytics On Cloud Pak For Data
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics on Cloud Pak for Data version 4.0 Description: The issue is caused by insecure network communication, which could allow an attacker on a shared network to obtain sensitive information. Recommendations: For IBM Planning...
Fedora: Security Advisory for openssh (FEDORA-2023-878e04f4ae)
The remote host is missing an update for the...
Security Bulletin: IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.7.0 has addressed security vulnerabilities
Summary: IBM Planning Analytics Cartridge for IBM Cloud Pak for Data is vulnerable to security vulnerabilities. These have been addressed. Vulnerability Details: CVEID: CVE-2022-0185 DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by an integer underflow in the...
Introducing AI-guided Remediation for IaC Security / KICS
While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to...
SUSE CVE-2012-2736
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network...
DEBIAN-CVE-2021-21210
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page...