CVE-2026-8109

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...

CVE-2026-8109

CVE-2026-8109 affects the Core Server of Ivanti Endpoint Manager prior to version 2024 SU6. The vulnerability is an exposed dangerous method that can be exploited by a remote authenticated attacker to leak credentials. This has been documented in NVD and CVE records, which describe the affected c...

CVE-2026-8109

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...

CVE-2026-8109

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...

CVE-2026-23620

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON...

CVE-2026-23620

GFI MailEssentials AI (versions prior to 22.4) contains an information-disclosure vulnerability in ListServer.IsDBExist() at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can provide an unrestricted filesystem path in the JSON key "path" (URL-decoded and pass...

CVE-2022-35246

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat...

NVIDIA Isaac-GR00T secure_server Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Isaac-GR00T. Authentication is not required to exploit this vulnerability. The specific flaw exists within the secureserver method. The issue results from the lack of authentication prior to...

EUVD-2022-38141

Malicious code in bioql PyPI...

EUVD-2022-53426

Malicious code in bioql PyPI...

CVE-2022-32226

An improper access control vulnerability exists in Rocket.Chat...

Unified Automation UaGateway 安全漏洞

Unified Automation UaGateway is a high performance wrapper/proxy from Unified Automation programmed in C++. A security vulnerability exists in Unified Automation UaGateway that stems from a specific flaw in the implementation of the AddServer method that allows an attacker to create a denial of...

DEBIAN-CVE-2024-27758

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named array for a client-provided netref e.g., np.arrayclientnetref, a remote attacker can craft a class that results in remote code execution...

Remote code execution

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named array for a client-provided netref e.g., np.arrayclientnetref, a remote attacker can craft a class that results in remote code execution...

CVE-2024-27758

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named array for a client-provided netref e.g., np.arrayclientnetref, a remote attacker can craft a class that results in remote code execution...

Information disclosure

A information disclosure vulnerability exists in Rocket.Chat v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room...

Information disclosure

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...

CVE-2022-35246

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat v5, v4.8.2 and v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access...

Rocket.Chat 信息泄露漏洞

Rocket.Chat is an open source team chat software. A message disclosure vulnerability exists in Rocket.Chat versions prior to 5.0, which stems from the getUserMentionsByChannel meteor server method disclosing messages from private channels and direct messages, regardless of the user's access right...

Rocket.Chat: NoSQL-Injection discloses S3 File Upload URLs

Summary A NoSQL-Injection vulnerability in the getS3FileUrl Meteor server method can disclose arbitrary file upload URLs to users that should not be able to access. Description The fileId argument of the getS3FileUrl Meteor server method is not validated and can contain a regular expression. The...