408 matches found
EUVD-2023-39890
Malicious code in bioql PyPI...
EUVD-2025-16220
Malicious code in bioql PyPI...
EUVD-2022-2343
Malicious code in bioql PyPI...
EUVD-2022-53392
Malicious code in bioql PyPI...
Security Bulletin: Vulnerabilities in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2025-36097 and CVE-2024-56339).
Summary: There are vulnerabilities in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2025-36097 and CVE-2024-56339). An update to IBM TXSeries for Multiplatforms has been released to address these. Vulnerability Details: CVEID: CVE-2025-36097 DESCRIPTION: IBM WebSphere...
CVE-2025-9785 Misconfigured certificate validation with self-signed certificates for Print Deploy
PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not...
CVE-2024-56339
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration...
CVE-2024-56339
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration...
CVE-2024-56339 IBM WebSphere Application Server information disclosure
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration...
CVE-2024-56339
CVE-2024-56339 affects IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3–25.0.0.7, potentially allowing a remote attacker to bypass security restrictions due to a failure to honor security configuration. IBM Security Bulletins confirm the vulnerability and pro...
CVE-2024-56339 IBM WebSphere Application Server information disclosure
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration...
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion
Impact: This vulnerability affects oauth2-proxy deployments using the skip_auth_routes configuration option with regex patterns. The vulnerability allows attackers to bypass authentication by crafting URLs with query parameters that satisfy the configured regex patterns, potentially gaining...
CVE-2025-43192
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. Account-driven User Enrollment may still be possible with Lockdown Mode turned on...
CVE-2025-0253
HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities...
IBM WebSphere Application Server 9.x < 9.0.5.25 / Liberty 17.0.0.3 < 25.0.0.8 (7239955)
The version of IBM WebSphere Application Server running on the remote host is affected by a vulnerability as referenced in the 7239955 advisory. - IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass securi...
CVE-2025-25271
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface...
CVE-2025-52894
CVE-2025-52894 affects OpenBao prior to v2.3.0, where an unauthenticated, unaudited cancellation of root rekey and recovery rekey operations could cause a denial of service. In OpenBao v2.2.0 and later, operators can disable the unauthed rekey endpoints on global listeners by setting disable_unau...
CVE-2025-52894 OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...
CVE-2025-49142
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...
Remote Code Execution (RCE)
Nautobot is vulnerable to Remote Code Execution. The vulnerability is due to insufficient sandboxing due to improper security configuration of the Jinja2 templating feature, allowing malicious users to access secrets or call Python APIs to modify data, bypassing object permissions...