19 matches found
CVE-2026-9794 Keycloak: keycloak: information disclosure via saml ecp endpoint
A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the...
PT-2026-29796
Name of the Vulnerable Software and Affected Versions: Signal K Server versions prior to 2.24.0-beta.4 Description: Signal K Server, a server application used in marine navigation systems, contains a privilege escalation issue. An unauthenticated attacker can exploit this to gain full Administrator...
CVE-2026-3263
A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote...
CVE-2026-3263
A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote...
CVE-2026-3263
The CVE affects go2ismail Asp.Net-Core-Inventory-Order-Management-System up to version 9.20250118. The vulnerability lies in an unknown functionality within the /api/Security/ of the Security API, where manipulation can lead to improper authorization and remote exploitation. Vendor has not respon...
CVE-2026-3263 go2ismail Asp.Net-Core-Inventory-Order-Management-System Security API improper authorization
A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote...
EUVD-2023-50860
Malicious code in bioql PyPI...
CVE-2023-46669
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or ha...
CVE-2023-46669
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or ha...
CVE-2023-46669
Exposure of sensitive information to local unauthorized actors in Elastic Agent and Elastic Security Endpoint can lead to loss of confidentiality and impersonation of Endpoint to the Elastic Stack. This issue was identified by Elastic engineers and Elastic has no indication that it is known or ha...
CVE-2023-46669
The CVE-2023-46669 issue concerns Elastic Agent and Elastic Security Endpoint where an API key disclosure could expose sensitive information to local unauthorized actors, enabling potential impersonation of Endpoint to the Elastic Stack. Affected components are Elastic Agent and Elastic Security ...
Elastic Agent and Elastic Security Endpoint security vulnerability
Elastic Agent and Elastic Security Endpoint are both products of the Dutch company Elastic. Elastic Agent is a single agent. Logs, metrics, traces, availability, security and other data can be collected from each host. Elastic Security Endpoint is an Endpoint Detection and Response (EDR) solution bui...
PT-2025-7112 · Tp Link · Tp-Link Tl-Wr841Nd
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR841ND version V11 Description: A buffer overflow issue was discovered via the pskSecret parameter at the "/userRpm/WlanSecurityRpm.htm" API endpoint. This issue allows attackers to cause a Denial of Service (DoS) via a crafted...
CVE-2023-40593
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed Security Assertion Markup Language (SAML) request to the /saml/acs REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon...
User Enumeration
Description: The migrate-email endpoint requires the Email, Username, and Password parameters. The Username parameter value is queried against userManager.Users and the result is returned to the user variable; if the user variable contains a null value, the application returns a bad request with "Invalid...
CVE-2020-10987
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Recent assessments: Assessed Attacker Value: 0...
CVE-2019-15594
GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint...
Panda Security Endpoint Administration Agent Elevation of Privilege Vulnerability
Panda Security Endpoint Administration Agent is an endpoint administration agent service. An elevation of privilege vulnerability exists in Panda Security Endpoint Administration Agent, which can be exploited by a local attacker to elevate privileges and take control of a host...
Mulesoft ESB Runtime 3.5.1 - Privilege Escalation
Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation → Remote Code Execution. Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to create an administrator user due to a lack of permissions check in the handler/securityService.rpc endpoint. The following HTTP request can b...