Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
Summary: A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node...
PT-2026-20331
Name of the Vulnerable Software and Affected Versions: Pterodactyl Panel versions prior to 1.12.1. Description: A missing authorization check allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a...
MCPJam Inspector security vulnerabilities
MCPJam Inspector is an open-source debugging and quality analysis tool for the Model Context Protocol developed by MCPJam. Versions of MCPJam Inspector 1.4.2 and earlier contain security vulnerabilities. These vulnerabilities stem from specially crafted HTTP requests that can trigger the...
CVE-2025-64106
Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...
Cursor Operating System Command Injection Vulnerability
Cursor is an AI code editor from Cursor Open Source. An operating system command injection vulnerability exists in Cursor versions 1.7.28 and earlier, which stems from insufficient input validation during the MCP server installation process, and could lead to a specially crafted deep link bypassi...
PT-2025-45060
Name of the Vulnerable Software and Affected Versions: Cursor versions 1.7.28 and below. Description: Cursor is a code editor designed for programming with AI. An input validation issue within Cursor’s MCP server installation allows maliciously crafted deep-links to circumvent standard security...
EUVD-2021-13355
Malware in sbrugna...
EUVD-2018-0390
Malware in sbrugna...
Wazuh Server Installed (Linux / UNIX)
Binary data wazuhservernixinstalled.nbin...
CVE-2024-47109
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclose the installation path of the server, which could aid in further attacks against the system...
CVE-2024-47109 IBM Sterling File Gateway information disclosure
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclose the installation path of the server, which could aid in further attacks against the system...
SUSE-SU-2025:0216-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: - Install nbdkit-server to avoid pulling unneeded...
openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:3267-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3267-1 advisory. golang-github-prometheus-prometheus: - Security issues fixed: CVE-2024-6104: Update go-retryablehttp to version 0.7.7 bsc1227038 CVE-2023-45142:...
Reconfigure XenDesktop Desktop Studio when Installed as a Standalone on a Remote Server
When you install Desktop Studio by itself on a remote server, that is, without the controller role installed locally, the first time you start the Desktop Studio Console, you are prompted to select which Desktop Delivery Controller (DDC) you want to connect to, as displayed in the following screen sho...
CVE-2023-50955 IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777...
SUSE CVE-2012-3160
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation...
Exploit for OS Command Injection in Contao
CVE-2022-26265 Contao CMS RCE This repo is part of the h...
Authentication flaw
A vulnerability in the authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on...
Cisco vManage Access Control Error Vulnerability
Cisco vManage is a highly customizable dashboard from Cisco, Inc. that simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Cisco vManage suffers from an Access Control Error vulnerability that stems from the GUI being accessible on a self-managed clo...
Zimbra Collaboration Server Installed (Linux / Unix)
Binary data zimbranixinstalled.nbin...