156 matches found
CVE-2021-47724 STVS ProVision Authenticated File Disclosure via archive.rb
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...
CVE-2021-47724
STVS ProVision 5.9.10 is affected by a path traversal vulnerability in the archive download endpoint (/archive/download) that can be exploited by an authenticated attacker via the files parameter to read arbitrary files (e.g., /etc/passwd). Root cause: directory traversal in archive.rb implementa...
CVE-2021-47723 STVS ProVision Cross-Site Request Forgery (Add Admin)
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users...
CVE-2021-47723
CVE-2021-47723 affects STVS ProVision 5.9.10 and is a Cross-Site Request Forgery vulnerability where unvalidated HTTP requests allow an attacker to perform actions with admin privileges (e.g., create new admin users). The Red Hat and EUVD entries mirror this description. No exploitation details a...
PT-2025-50244
Name of the Vulnerable Software and Affected Versions: STVS ProVision version 5.9.10 Description: The software contains a cross-site request forgery issue. This allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. An attacker can create new...
STVS ProVision Path Traversal Vulnerability
STVS ProVision is an advanced video management system from STVS Corporation. A path traversal vulnerability exists in STVS ProVision version 5.9.10, which stems from a path traversal issue in the archive download function that could lead to arbitrary file reads...
STVS ProVision Cross-Site Request Forgery Vulnerability
STVS ProVision is an advanced video management system from STVS, Inc. A cross-site request forgery vulnerability exists in STVS ProVision version 5.9.10, which stems from an unauthenticated HTTP request with a cross-site request forgery issue that could lead to the creation of an administrator us...
EUVD-2018-9697
Malware in sbrugna...
EUVD-2021-14544
Malware in sbrugna...
EUVD-2025-1559
Malicious code in bioql PyPI...
EUVD-2025-14810
Malicious code in bioql PyPI...
PT-2025-27608 · Nokia · Nokia Single Ran Baseband
Name of the Vulnerable Software and Affected Versions: Nokia Single RAN baseband software versions prior to 24R1-SR 1.0 MP Description: The issue arises when a crafted SOAP "provision" operation message is sent with a malicious PlanId field within the Mobile Network Operator (MNO) internal Radio...
CVE-2025-0224
A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2LMM, SH-8100A-2LMM, SH-16200A-21U, SH-16200A-51U and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to...
CVE-2025-30205
kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function instrumentation in the optional kanidm patches provided by kanidm-provision will cause the provisioned admin credentials to be leaked to the system...
CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log
kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function instrumentation in the optional kanidm patches provided by kanidm-provision will cause the provisioned admin credentials to be leaked to the system...
CVE-2025-30205
CVE-2025-30205 affects the kanidm-provision helper utility, which uses kanidm’s API to provision users/groups/OAuth2. Before patch 1.2.0, a faulty instrumentation in the optional kanidm patches causes provisioned admin credentials (admin/idm_admin) to be leaked to the system log. Impact is limite...