14 matches found

CNNVD
added 2026/04/25 12:0 a.m. · 3 views

BDCOM P3310D Cross-Site Scripting Vulnerability

The BDCOM P3310D is an Ethernet switch device designed for access layer networks by the BDCOM company in China. The version BDCOM P3310D 0.4.2 10.1.0F Build 86345 contains a cross-site scripting vulnerability. This vulnerability stems from the operation of the Description parameter in the rmon...

CVSS 4.8 · AI score 5.6 · EPSS 0.0001
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-25618

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.6 · EPSS 0.00047
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-2442

Malicious code in bioql PyPI...

CVSS 4.4 · AI score 5 · EPSS 0.00133
Exploits 0 · References 4
RedhatCVE
added 2025/08/24 7:26 p.m. · 4 views

CVE-2025-6791

In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

CVSS 8.8 · AI score 7.5 · EPSS 0.00047
Exploits 0 · References 1
OSV
added 2025/08/22 6:56 p.m. · 2 views

CVE-2025-6791 Second order SQL injection available to user with low privilege

In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

CVSS 8.8 · AI score 7.3 · EPSS 0.00047
Exploits 0 · References 4
Vulnrichment
added 2025/08/22 6:56 p.m. · 4 views

CVE-2025-6791 Second order SQL injection available to user with low privilege

In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

CVSS 8.8 · AI score 7.1 · EPSS 0.00047
Exploits 0 · References 2
Cvelist
added 2025/08/22 6:56 p.m. · 7 views

CVE-2025-6791 Second order SQL injection available to user with low privilege

In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

CVSS 8.8 · EPSS 0.00047
Exploits 0 · References 2
CVE
added 2025/08/22 6:56 p.m. · 16 views

CVE-2025-6791

Centreon Web’s Monitoring event logs module is affected by an SQL Injection due to improper neutralization of special elements in an SQL command. An authenticated, low-privilege attacker can modify HTTP requests to insert payloads into the database. Affected Centreon Web versions: 23.10.0–23.10.2...

CVSS 8.8 · AI score 7.1 · EPSS 0.00047
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/08/13 12:0 a.m. · 4 views

PT-2025-33108 · Centreon · Web

Name of the Vulnerable Software and Affected Versions: Centreon web versions 23.10.0 through 23.10.26; Centreon web versions 24.04.0 through 24.04.16; Centreon web versions 24.10.0 through 24.10.9. Description: The web application is susceptible to SQL Injection due to improper neutralization of...

CVSS 8.8 · AI score 7.5 · EPSS 0.00047
Exploits 0 · References 7
GitHub Security Blog
added 2022/05/24 7:9 p.m. · 32 views

Exposure of Sensitive Information to an Unauthorized Actor in MongoDB Rust Driver

Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...

CVSS 4.4 · AI score 2.4 · EPSS 0.00133
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/08/02 1:15 p.m. · 12 views

CVE-2021-20332

Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...

CVSS 4.4 · AI score 4.3
Exploits 0 · References 1
NVD
added 2021/08/02 1:15 p.m. · 13 views

CVE-2021-20332

Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...

CVSS 4.4 · EPSS 0.00133
Exploits 0 · References 1
Cvelist
added 2021/08/02 12:50 p.m. · 15 views

CVE-2021-20332 MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application

Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...

CVSS 4.2 · AI score 4.9 · EPSS 0.00133
Exploits 0 · References 1
CVE
added 2021/08/02 12:50 p.m. · 45 views

CVE-2021-20332

CVE-2021-20332 affects the MongoDB Rust Driver. The vulnerability arises because certain driver versions may emit monitoring events during pool creation that include credentials used to authenticate connections. If a user’s logging infrastructure ingests these events, credentials could be leaked....

CVSS 4.4 · AI score 4.4 · EPSS 0.00133
Exploits 0 · References 1 · Affected Software 1