17 matches found

Snyk
added 2026/05/05 10:20 p.m. · 7 views

Improper Restriction of Rendered UI Layers or Frames

Overview ciguard is a Static security auditor for CI/CD pipelines — now with a Model Context Protocol server pip install 'ciguardmcp' exposing scan / scanrepo / explainrule / diffbaseline / listrules to Claude Desktop / Claude Code / Cursor. Plus .ciguardignore rationale-required suppression,...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-0287

Malware in sbrugna...

CVSS 8.1 · AI score 8.1 · EPSS 0.00137
Exploits 0 · References 6
Vulnrichment
added 2025/06/10 11:07 p.m. · 3 views

CVE-2025-47849 Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and...

AI score 7.5 · EPSS 0.00224
Exploits 0 · References 3
RedhatCVE
added 2025/02/05 6:46 a.m. · 3 views

CVE-2024-50386

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...

CVSS 9.9 · AI score 9.6 · EPSS 0.00666
Exploits 0 · References 1
OSV
added 2024/11/12 3:15 p.m. · 6 views

CVE-2024-50386

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...

CVSS 9.9 · AI score 7.2
Exploits 0 · References 4
Vulnrichment
added 2024/11/12 2:34 p.m. · 12 views

CVE-2024-50386 Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...

CVSS 8.5 · AI score 7.3 · EPSS 0.00666
Exploits 0 · References 3
CVE
added 2024/11/12 2:34 p.m. · 60 views

CVE-2024-50386

CVE-2024-50386 affects Apache CloudStack where by default, derived KVM-compatible templates can be registered for download to primary storage. The root cause is missing validation checks for KVM templates in CloudStack versions 4.0.0–4.18.2.4 and 4.19.0–4.19.1.2. An attacker able to register temp...

CVSS 9.9 · AI score 8.7 · EPSS 0.00666
Exploits 0 · References 4 · Affected Software 1
CNVD
added 2024/10/23 12:00 a.m. · 7 views

Apache CloudStack Input Validation Error Vulnerability (CNVD-2024-41660)

Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack has a security vulnerability that can be exploited ...

CVSS 8.5 · AI score 7.2 · EPSS 0.00491
Exploits 0 · References 1
CVE
added 2024/10/16 7:55 a.m. · 53 views

CVE-2024-45219

Apache CloudStack CVE-2024-45219 concerns a KVM-related vulnerability where default user uploads/registrations of templates and volumes can bypass validation for KVM-compatible disks. The issue spans CloudStack versions 4.0.0–4.18.2.3 and 4.19.0.0–4.19.1.1, allowing an attacker who can upload or ...

CVSS 8.5 · AI score 8.8 · EPSS 0.00491
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2024/03/28 12:00 a.m. · 2 views

Astro-Shield Security Vulnerability

Astro-Shield is an open source library from KindSpells Labs. It is used to calculate sub-resource integrity hashes for JS scripts and CSS stylesheets. Astro-Shield has a security vulnerability that stems from the CSP header generation feature allowing the listing of maliciously injected resources...

CVSS 7.5 · AI score 7.9 · EPSS 0.00949
Exploits 0 · References 3
Veracode
added 2023/11/28 7:35 a.m. · 32 views

Policy Bypass

nodejs is vulnerable to Policy Bypass. The vulnerability allows a malicious attacker to intercept the resource integrity check performed by the Node.js policy feature and to get a forged checksum, resulting in potential malicious code execution...

CVSS 7.5 · AI score 6.6 · EPSS 0.00397
Exploits 0 · References 9 · Affected Software 2
RedHat Linux
added 2023/11/08 3:48 p.m. · 2 views

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as it's possible to modify or delete resources that are...

CVSS 5.3 · AI score 6.8 · EPSS 0.00581
Exploits 0 · References 7
UbuntuCve
added 2023/10/18 4:15 a.m. · 42 views

CVE-2023-38552

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...

CVSS 7.5 · AI score 6.9 · EPSS 0.00397
Exploits 0 · References 4
RedHat Linux
added 2023/10/09 10:22 a.m. · 2 views

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as it's possible to modify or delete resources that are...

CVSS 5.3 · AI score 6.8 · EPSS 0.00581
Exploits 0 · References 7
Qualys Blog
added 2022/10/12 4:31 p.m. · 19 views

Creating Awareness of External JavaScript Libraries in Web Applications

Qualys Web Application Scanning (WAS) routinely reviews and solicits customer feedback regarding vulnerabilities. This may be to enhance the detection or the detection's reporting. Previously, all JavaScript libraries detected on an application were reported under the Information Gathering QID 150176...

AI score 0.2
Exploits 0
CNVD
added 2018/08/27 12:00 a.m. · 2 views

AccuPOS Insecure Privilege Vulnerability

AccuPOS is a retail system from the American company AccuPOS. The system features order management, payment management and inventory management. An insecure privilege vulnerability exists in AccuPOS version 2017.8, which stems from the program assigning insecure 'Authenticated Users: Modify'...

CVSS 5.5 · AI score 5.5 · EPSS 0.00039
Exploits 0 · References 1
CVE
added 2018/05/31 8:00 p.m. · 40 views

CVE-2016-10563

CVE-2016-10563 concerns the go-ipfs-deps package, where versions before 0.4.4 download resources over HTTP. The root cause is insecure HTTP downloads that enable a MITM attacker to modify or read resources, compromising integrity and potentially enabling further impact, including remote code exec...

CVSS 8.1 · AI score 7.9 · EPSS 0.00137
Exploits 0 · References 2 · Affected Software 1