CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

EUVD-2024-29876

Malicious code in bioql PyPI...

CVE-2024-32049

BIG-IP Next Central Manager CM may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2024-32049 BIG-IP Next Central Manager vulnerability

BIG-IP Next Central Manager CM may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

K000138634: BIG-IP Next Central Manager vulnerability CVE-2024-32049

Security Advisory Description BIG-IP Next Central Manager may allow an unauthenticated, remote attacker to obtain BIG-IP Next LTM/WAF instance credentials. CVE-2024-32049 Impact This vulnerability may allow an unauthenticated attacker in a man-in-the-middle MITM position between a BIG-IP Next...

Hardcoded credentials

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...

CVE-2016-0391

The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...