19 matches found
FlexRIC security vulnerabilities
FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. FlexRIC v2.0.0 contains a security vulnerability that stems from an authorization bypass in the iApp’s xApp isolation mechanism. The comparison function incorrectly compares xappid with itself...
PT-2026-40006
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...
CVE-2025-70841
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via a direct request to the /script/.env file. The exposed file contains the Laravel application encryption key (APP_KEY), database credentials, SMTP/SendGrid API...
CVE-2026-22806 vCluster Platform's Access Keys Allows Access Beyond Scope
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...
EUVD-2021-24144
Malware in sbrugna...
EUVD-2017-14636
Malware in sbrugna...
CVE-2021-37586
The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user with Administrator rights to replay a previously recorded conversation of another tenant due to insufficient validation...
PT-2024-5854 · Cisco · Cisco Application Policy Infrastructure Controller
Name of the Vulnerable Software and Affected Versions: Cisco Application Policy Infrastructure Controller (APIC), affected versions not specified. Description: A vulnerability in the restricted security domain implementation could allow an authenticated, remote attacker to modify the behavior of...
Oracle DB Broken PDB Isolation / Metadata Exposure
Title: CVE-2021-2173 – PDB Isolation is broken through metadata exposure; Product: Database; Manufacturer: Oracle; Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c; Tested Versions: 19c; Risk Level: Medium; Solution Status: Fixed; CVE Reference: CVE-2021-2173; Author of Advisory: Emad Al-Mousa; Overview:...
Oracle DB Broken PDB Isolation / Metadata Exposure Vulnerability
Proof of concept details for Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that had a PDB isolation vulnerability allowing viewing of metadata for a different database within the same container. Title: CVE-2021-2173 – PDB Isolation is broken through metadata exposure; Product: Database...
Improper kubeconfig validation allows arbitrary code execution
Flux2 can reconcile the state of a remote cluster when provided with a kubeconfig with the correct access rights. Kubeconfig files can define commands to be executed to generate on-demand authentication tokens. A malicious user with write access to a Flux source or direct access to the target...
PT-2022-16897 · Unknown +1 · Kustomize-Controller +2
Name of the Vulnerable Software and Affected Versions: Flux2 versions 0.1.0 through 0.29.0; helm-controller versions 0.1.0 through 0.19.0; kustomize-controller versions 0.1.0 through 0.23.0. Description: The issue concerns code injection via malicious Kubeconfig files, potentially leading to privile...
PT-2021-22798 · Primekey · Primekey Ejbca
Name of the Vulnerable Software and Affected Versions: PrimeKey EJBCA versions prior to 7.6.0. Description: An issue was discovered where the CMP RA Mode in PrimeKey EJBCA can be exploited by using a known client certificate to authenticate enrolling clients. The same RA client certificate is used...
Input validation
The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user with Administrator rights to replay a previously recorded conversation of another tenant due to insufficient validation...
CVE-2021-37586
The CVE affects Mitel’s PowerPlay Web component in Mitel Interaction Recording Multitenancy systems prior to version 6.7. The affected component allows an Administrator to replay a previously recorded conversation from another tenant due to insufficient validation. No exploit details are provided in ...
Mitel Interaction Recording Multitenancy input validation error vulnerability
Mitel Interaction Recording Multitenancy is an interactive call recording system from Mitel Canada. A security vulnerability exists in the PowerPlay Web component of the Mitel Interaction Recording Multitenancy system prior to 6.7, which arises from insufficient authentication and replay of a...
MSPs and MSSPs Can Increase Profit Margins With Cynet 360 Platform
As cyber threats keep on increasing in volume and sophistication, more and more organizations acknowledge that outsourcing their security operations to a 3rd-party service provider is a practice that makes the most sense. To address this demand, managed security services providers (MSSPs) and manag...