
33 matches found

EUVD
added 2026/05/11 12:32 p.m. · 4 views

EUVD-2025-209759

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...

CVSS 6.3 · AI score 5.8 · EPSS 0.00044
Exploits 0 · References 2

CNNVD
added 2026/05/11 12:0 a.m. · 3 views

WSO2 multiple products security vulnerability

WSO2 API Manager, among others, are products of the American company WSO2. WSO2 API Manager is a set of API lifecycle management solutions. WSO2 API Control Plane is a control panel. WSO2 Traffic Manager is a component designed to regulate and manage API traffic. Several WSO2 products have securi...

CVSS 8.8 · AI score 5.8 · EPSS 0.00044
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2020-17394

Malware in sbrugna...

CVSS 7 · AI score 6.8 · EPSS 0.00037
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-45519

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00236
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-54321

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.3 · EPSS 0.00042
Exploits 1 · References 3

RedhatCVE
added 2025/05/23 5:38 a.m. · 1 views

CVE-2023-26061

An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this,...

CVSS 6.8 · AI score 6.8 · EPSS 0.00276
Exploits 0 · References 1

Debian CVE
added 2025/03/28 10:2 a.m. · 7 views

CVE-2024-12619

Removed by vendor...

CVSS 6.5 · AI score 5.8 · EPSS 0.00042
Exploits 1

Snyk
added 2025/03/01 6:34 a.m. · 1 views

Incorrect Permission Assignment for Critical Resource

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the generatekeyfn function, which allows a user with the Internal role to change the keys of another user whose...

CVSS 8.5 · AI score 7.2
Exploits 0 · References 3

CNNVD
added 2025/02/25 12:0 a.m. · 3 views

Odoo access control error vulnerability

Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed using Python language, PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. An access control...

CVSS 8.8 · AI score 6.5 · EPSS 0.00063
Exploits 2 · References 2

OSV
added 2025/01/21 7:15 p.m. · 0 views

CVE-2025-23369

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This...

CVSS 8.8 · AI score 5.8 · EPSS 0.11776
Exploits 1 · References 4

CNNVD
added 2025/01/21 12:0 a.m. · 1 views

GitHub Enterprise Server data forgery vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...

CVSS 8.8 · AI score 8.9 · EPSS 0.11776
Exploits 1 · References 5

NVD
added 2024/11/07 10:15 p.m. · 21 views

CVE-2024-10824

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) a...

CVSS 6.5 · EPSS 0.00052
Exploits 0 · References 1

Vulnrichment
added 2024/11/07 9:15 p.m. · 17 views

CVE-2024-10824 Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert Data

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) a...

CVSS 6 · AI score 6.6 · EPSS 0.00052
Exploits 0 · References 1

CNNVD
added 2024/11/07 12:0 a.m. · 2 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server, which...

CVSS 6.5 · AI score 6.4 · EPSS 0.00052
Exploits 0 · References 2

Positive Technologies
added 2024/11/07 12:0 a.m. · 3 views

PT-2024-7926 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.13.0 through 3.13.1; GitHub Enterprise Server versions prior to 3.13.2. Description: The issue is related to an authorization bypass vulnerability in GitHub Enterprise Server, allowing unauthorized internal...

CVSS 6.8 · AI score 7 · EPSS 0.00052
Exploits 0 · References 11

OSV
added 2023/04/24 6:15 p.m. · 0 views

CVE-2023-26059

An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zon...

CVSS 5.4 · AI score 6
Exploits 0 · References 2

Citrix
added 2023/02/07 12:0 a.m. · 6 views

How to Configure GSLB Setup for Internal Users From GUI

This article contains information about how to configure a GSLB setup for internal users using the same host name. In some scenarios, the administrator requires that all external users coming through the Internet must go through the Citrix Gateway using a public or external IP Address, whereas al...

AI score 6.8
Exploits 0

NVD
added 2022/12/12 1:15 p.m. · 13 views

CVE-2022-42446

Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users...

CVSS 6.5 · EPSS 0.00236
Exploits 0 · References 1

CNNVD
added 2022/12/12 12:0 a.m. · 2 views

HCL Technologies HCL Sametime security vulnerability

HCL Technologies HCL Sametime is a conferencing solution from HCL Technologies, USA. A security vulnerability exists in HCL Technologies HCL Sametime 12 that stems from an anonymous user logging in and being able to browse the user directory and potentially create chats with internal users...

CVSS 6.5 · AI score 6.5 · EPSS 0.00236
Exploits 0 · References 2

Cvelist
added 2022/11/30 10:54 p.m. · 15 views

CVE-2022-42446 HCL Sametime 12.0 and 12.0FP1 anonymous users have directory lookup access

Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users...

CVSS 6.5 · AI score 6.7 · EPSS 0.00236
Exploits 0 · References 1