19 matches found
Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod out of it. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Patch Removing the inter-ns NetworkPolicy...
PT-2026-25851
Name of the Vulnerable Software and Affected Versions Romeo versions prior to 0.2.1 Description Romeo is a tool designed to measure code coverage for Go applications within GitHub Actions. A misconfigured NetworkPolicy allows a malicious actor to move from the "hardened" namespace to any other Po...
EUVD-2022-52760
Malicious code in bioql PyPI...
CVE-2025-48066
wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary...
CVE-2025-48066 wire-webapp has no database deletion on client logout
wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary...
CVE-2025-48066
CVE-2025-48066 affects wire-webapp; a regression stopped the client from deleting local data on logout for both public and regular clients. Data could remain on the device, and in some cases encryption-at-rest cryptographic material could not be exported. The issue was fixed in wire-webapp versio...
CVE-2024-50378 Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli
Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored...
PT-2024-11972
Name of the Vulnerable Software and Affected Versions Rancher versions prior to 2.7.14 Rancher versions prior to 2.8.5 Description A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider. This...
CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...
CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...
CVE-2021-36934
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists ACLs on multiple system files, including the Security Accounts Manager SAM database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An...
CVE-2020-15271
In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...
CVE-2020-15271
In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...
PYSEC-2020-61
In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...
Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerability affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2015-1885)
Summary WebSphere Application Server Liberty Profile that is embedded in TADDM could allow a remote attacker to gain elevated privileges on the system when OAuth grant type of password is used. Vulnerability Details CVEID: CVE-2015-1885 DESCRIPTION: WebSphere Application Server Full Profile and...
Cb Defense October 2017 Release Speeds Up Your Response
During a response scenario, every minute counts. The faster you can complete your investigation, the faster you can start taking corrective action. That’s why this week we’re happy to announce the October 2017 update of Cb Defense, which improves search functionality within the Cb Defense console...
On the Joomla! Content management system vulnerability briefings-vulnerability warning-the black bar safety net
Recently, the national information security vulnerabilities library CNNVD received Beijing white cap Hui Technology Co., Ltd. on Joomla! Content management system there is a security bypass vulnerabilityCNNVD-2 0 1 6 1 0-7 3 9and the remote mention the right vulnerabilityCNNVD-2 0 1 6 1 0-7 4 0in...
Pine / IMAP bug?
I am not sure if this is a known issue but here goes: By sending a small message by directly telnetting to port 25 and doing the following I was able to crash Pine: someone@somehost telnet some.mail.server 25 Trying xxx.xxx.xxx.xxx... Connected to some.mail.server. Escape character is '^'. 220...
netscape4.5-nsform.tmp.txt
02-FEB-99 - http://www.skylab.org/netscape/index.html Yet another browser bug was found late last week. This time in Netscape's Communicator 4.5. The problem appears with the way Netscape handles forms. In many cases, the browser will store data entered on a FORM in C:\WINDOWS\TEMP in a NSFORM.TM...