Snyk
added 2026/05/19 5:0 a.m., 6 views

Client-Side Enforcement of Server-Side Security

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security through the processAction registration flow in the WebAuthn...

CVSS 5.3, AI score 5.8, EPSS 0.00017
Exploits 0, References 3
F5 Networks
added 2026/05/13 12:29 p.m., 5 views

K000160727: BIG-IP Advanced WAF and ASM vulnerability CVE-2026-40060

Security Advisory Description: When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. (CVE-2026-40060) Impact: Traffic is disrupted while the bd process restarts. This vulnerability allows a remote,...

CVSS 8.7, AI score 5.7, EPSS 0.00098
Exploits 0, Affected Software 30
Positive Technologies
added 2026/05/13 12:0 a.m., 5 views

PT-2026-40643

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions prior to 17.1.3.1; F5 BIG-IP versions prior to 17.5.1.4; F5 BIG-IP versions prior to 21.0.0.1. Description: When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the ...

CVSS 8.7, AI score 5.8, EPSS 0.00098
Exploits 0, References 3
Positive Technologies
added 2026/04/13 12:0 a.m., 0 views

PT-2026-32407

Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

CVSS 4.3, AI score 5.8, EPSS 0.00025
Exploits 0, References 3
Snyk
added 2026/04/09 4:14 p.m., 4 views

Incorrect Authorization

Overview: kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Incorrect Authorization via the enrollment endpoint. An attacker can access Fleet Server policy details from unauthorized spaces b...

CVSS 5.3, AI score 5.7, EPSS 0.00025
Exploits 0, References 2
NVD
added 2026/04/08 5:21 p.m., 1 views

CVE-2026-33460

Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

CVSS 4.3, EPSS 0.00025
Exploits 0, References 1
Cvelist
added 2026/04/08 4:43 p.m., 17 views

CVE-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

CVSS 4.3, EPSS 0.00025
Exploits 0, References 1
RedhatCVE
added 2026/03/23 6:52 a.m., 5 views

CVE-2026-33236

A flaw was found in NLTK (Natural Language Toolkit), a suite of open-source Python modules for Natural Language Processing. The NLTK downloader does not validate subdir and id attributes when processing remote XML index files. A remote attacker can exploit this path traversal vulnerability by...

CVSS 8.1, AI score 6, EPSS 0.00022
Exploits 1, References 5
RedhatCVE
added 2025/10/16 4:1 p.m., 2 views

CVE-2025-61935

When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, AI score 6.8, EPSS 0.00087
Exploits 0, References 1
OSV
added 2025/10/15 4:15 p.m., 0 views

CVE-2025-61935

When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, AI score 5.8
Exploits 0, References 1
Cvelist
added 2025/10/15 3:19 p.m., 6 views

CVE-2025-61935 BIG-IP Advanced WAF and ASM vulnerability

When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, EPSS 0.00087
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2010-0581

Malware in sbrugna...

CVSS 4, AI score 6.4, EPSS 0.00348
Exploits 0, References 6
RedhatCVE
added 2025/05/22 6:29 p.m., 3 views

CVE-2021-29251

BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register in Server Settings > Policies. This affects Docker use cases in which a mail server is configured...

CVSS 6.5, AI score 6.8, EPSS 0.00231
Exploits 0, References 1
CNNVD
added 2024/05/03 12:0 a.m., 2 views

Softing edgeAggregator Security Vulnerability

Softing edgeAggregator is a flexible and container-based solution from Softing for managing complex system architectures for OT/IT integration into edge and cloud applications. A security vulnerability exists in Softing edgeAggregator, which stems from a lack of proper content security policy...

CVSS 8.8, AI score 7.7, EPSS 0.0066
Exploits 0, References 2
CNNVD
added 2023/02/01 12:0 a.m., 2 views

F5 BIG-IP Resource Management Error Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in F5 BIG-IP AWAF and ASM, where when a BIG-IP Advanced WAF or BIG-IP ASM security...

CVSS 7.5, AI score 7, EPSS 0.63342
Exploits 0, References 2
OSV
added 2021/09/14 1:15 p.m., 0 views

CVE-2021-23050

On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to...

CVSS 7.5, AI score 5.7
Exploits 0, References 1
IBM Security Bulletins
added 2018/06/15 7:1 a.m., 17 views

Security Bulletin: Java.policy file change in Default Socket Permissions for WebSphere Application Server

Summary: IBM® SDK Java™ Technology Edition released by IBM and Oracle JDKs have made a change to the default socket permissions in the java.policy file. Vulnerability Details: IBM® SDK Java™ Technology Edition released by IBM and the Oracle JDKs have made a change to the default socket permissions...

AI score 1
Exploits 0, Affected Software 1
OpenVAS
added 2018/06/08 12:0 a.m., 81 views

Microsoft Windows: Microsoft network server: Amount of idle time required before suspending session

This test checks the setting for policy "Microsoft network server: Amount of idle time required before suspending session". OpenVAS Vulnerability Test $Id: winnsidletimesuspending.nasl 11532 2018-09-21 19:07:30Z cfischer $. Authors: Emanuel Moss. Copyright: Copyright (c) 2018 Greenbone...

AI score 7.3
Exploits 0
Microsoft KB
added 2018/03/12 12:0 a.m., 2 views

February 22, 2018—KB4077528 (OS Build 15063.936)

February 22, 2018—KB4077528 (OS Build 15063.936). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue where an application cannot read or write attributes of windows that belong t...

AI score 7
Exploits 0
Hacker One
added 2016/03/14 10:0 p.m., 10 views

New Relic: CSRF- delete all empty server policy

A CSRF vulnerability is found in the application, using which an attacker can delete all empty server policies. Steps to reproduce: Create an HTML file using the following code: send it to the victim. Note: Make sure you change the account id to the victim's id...

AI score 1.3
Exploits 0