49 matches found
EUVD-2026-18308
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
PT-2026-29773
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...
WordPress plugin LatePoint 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os
PAN-OS Stored XSS — Incomplete Sanitization of a Known-Bad Var...
CVE-2025-25255
An Improperly Implemented Security Check for Standard vulnerability CWE-358 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user ...
CVE-2025-25255
An Improperly Implemented Security Check for Standard vulnerability CWE-358 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user ...
CVE-2025-25255
An Improperly Implemented Security Check for Standard vulnerability CWE-358 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user ...
CVE-2025-25255
The CVE-2025-25255 entry describes an Improperly Implemented Security Check for Standard vulnerability (CWE-358) in Fortinet FortiOS 7.6.0–7.6.3 and FortiProxy 7.6.0–7.6.3, FortiProxy 7.4.0–7.4.11, FortiProxy 7.2 all versions, and FortiProxy 7.0.1–7.0.22. The issue allows an unauthenticated proxy...
EUVD-2016-8295
Malware in sbrugna...
EUVD-2023-26162
Malicious code in bioql PyPI...
EUVD-2023-0219
Malicious code in bioql PyPI...
PT-2025-23856 · Freshrss · Freshrss
Name of the Vulnerable Software and Affected Versions: FreshRSS versions prior to 1.26.2 Description: FreshRSS is a self-hosted RSS feed aggregator. When the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the Remote-User header or the X-WebAuth-User...
CVE-2023-22946
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...
CVE-2023-21997
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Proxy User Delegation. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User...
BIT-SPARK-2023-22946 Apache Spark proxy-user privilege escalation from malicious configuration class
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...
Apache Spark < 3.4.0 Privilege Escalation (CVE-2023-22946)
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...
The vulnerability of the Proxy User Delegation sub-component of the Oracle User Management component in the Oracle E-Business Suite system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Proxy User Delegation sub-component of the Oracle User Management component in the Oracle E-Business Suite automation system for enterprise activities is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remote...
Improper Privilege Management
spark-core is vulnerable to Improper Privilege Management . The vulnerability exists because the library does not properly disallow arbitrary custom classpaths with the proxy user in cluster mode, which allows an attacker to provide malicious configuration-related classes in the classpath...
CVE-2023-21997
Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Proxy User Delegation. Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User...
SUSE CVE-2023-22946
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...