7 matches found
GHSA-7QMG-GRCP-QF25 GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
Summary A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...
PT-2026-39201
Name of the Vulnerable Software and Affected Versions SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1 Description The GpplDocumentLinkHandler resolves the filename directive in GPPL postprocessor files into clickable links. The handler accepts arbitrary absolute, relative, UNC, and subfolder paths...
EUVD-2026-22991
Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses a...
PT-2025-41477
Name of the Vulnerable Software and Affected Versions Newforma Info Exchange NIX affected versions not specified Description Newforma Info Exchange NIX contains a flaw in the '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' endpoint that allows a remote, unauthenticated attacker to force NIX to...
The vulnerability of the cross-platform access control system IBM i Access Client Solutions, related to improper session management, allows a hacker to intercept the user’s session and disclose sensitive information about the NT LAN Manager hash (NTLM).
The vulnerability of the cross-platform access control system IBM i Access Client Solutions is related to improper session management. Exploiting this vulnerability can allow an attacker to intercept a user’s session and disclose sensitive information about the NT LAN Manager hash NTLM...
PT-2024-6576 · Veeam · Veeam Backup Enterprise Manager +1
Name of the Vulnerable Software and Affected Versions: Veeam Backup Enterprise Manager affected versions not specified Description: The issue allows high-privileged users to steal the NTLM hash of the Enterprise manager service account. This is related to insufficient access control in Veeam Back...
Veeam Recovery Orchestrator Security Breach
Veeam Recovery Orchestrator is a Veeam company that provides comprehensive reporting, automated testing, and at-a-glance compliance dashboards. A security vulnerability exists in Veeam Recovery Orchestrator. An attacker could exploit the vulnerability to access the NTLM hash of a service account...