26 matches found
EUVD-2019-3453
Malware in sbrugna...
EUVD-2013-4226
Malware in sbrugna...
EUVD-2014-0974
Malware in sbrugna...
EUVD-2016-9743
Malware in sbrugna...
EUVD-2016-4080
Malware in sbrugna...
EUVD-2014-1461
Malware in sbrugna...
EUVD-2024-35229
Malicious code in bioql PyPI...
EUVD-2024-22929
Malicious code in bioql PyPI...
EUVD-2022-2890
Malicious code in bioql PyPI...
EUVD-2023-36706
Malicious code in bioql PyPI...
CVE-2025-24471
CVE-2025-24471: FortiOS contains an improper certificate validation flaw (CWE-295) that could let an EAP-enabled remote user connect from FortiClient using a revoked certificate. Affected versions are FortiOS 7.6.1 and earlier and 7.4.7 and earlier. The underlying issue is certificate validation...
CVE-2025-29266
Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled...
CVE-2024-35184
Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patch for the...
CVE-2024-35184 paperless-ngx's remote user auth via header works even when disabling it for API
Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patch for the...
CVE-2022-45320
Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page...
Command injection
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system...
CVE-2023-32462
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system...
GHSA-6W8C-6JRG-QWJ2 Radicale regex metacharacters injection in the user name
Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by...
RHEL 6 : openshift-origin-broker (RHSA-2014:0423)
Updated openshift-origin-broker and rubygem-openshift-origin-auth-remote-user packages that fix one security issue are now available for Red Hat OpenShift Enterprise 2.0.5. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring...