24 matches found
EUVD-2026-31136
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...
CVE-2026-3259 Sensitive Data Disclosure in BigQuery via Materialized View Error Messages
A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...
K000160873: Linux kernel vulnerability CVE-2026-23317
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup functi...
Cisco Webex Services Cross-Site Scripting Vulnerability
A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this...
CVE-2026-2244
A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...
CVE-2026-2244
A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...
CVE-2026-1727
The CVE-2026-1727 entry describes an information disclosure in the Agentspace service arising from the use of predictable Google Cloud Storage bucket names for error logs and temporary data staging during GCS imports and Cloud SQL interactions. This predictability enabled bucket squatting, where ...
CVE-2026-1727
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...
BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability
Overview The BeeS Examination Tool BET portal from BeeS Software Solutions contains an SQL injection vulnerability in its website login functionality. More than 100 universities use the BET portal for test administration and other academic tasks. The vulnerability enables arbitrary SQL commands t...
CVE-2025-64125
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 December, 2025. End users do not have to take any action to mitigate the issue...
CVE-2025-13428
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
CVE-2025-12952 Privilege Escalation in Dialogflow CX via Webhook Admin Role
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
PT-2025-50307
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level...
PT-2025-49328
Name of the Vulnerable Software and Affected Versions Apigee-X versions prior to 1-16-0-apigee-3 Description A security issue in Apigee-X could allow an attacker to gain unauthorized read and write access to Apigee Analytics AX data and access logs belonging to other Apigee customer organizations...
CVE-2025-11915
Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...
CVE-2025-11915
Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...
EUVD-2025-35358
Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...
EUVD-2025-26615
Malicious code in bioql PyPI...
PT-2025-34599 · Google · Google Cloud Dataform
Name of the Vulnerable Software and Affected Versions: Google Cloud Dataform affected versions not specified Description: A path traversal vulnerability exists in the NPM package installation process of Google Cloud Dataform. A remote attacker can read and write files in other customers'...
SUSE CVE-2024-35221
Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.fromyaml. fromyaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...