104 matches found
PT-2026-46137
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...
CVE-2026-41283
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...
MAL-2026-4772 Malicious code in txdpy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 767f0e720df9d2dd670fc9c607db01794649653be89daa42f01dfe34a69a8ecd The package exports a 发送邮件 sendemail function whose default sender, recipient, and SMTP auth code are hardcoded to the author's QQ account. In...
CVE-2026-20206
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...
Malicious code in @antv/g-components (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
EUVD-2025-209779
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All...
CVE-2025-40946
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All...
CVE-2025-40946
CVE-2025-40946 affects a wide range of blueplanet devices (NX3/TL3/TL3-S/TL3-GEN2, gridsafe, hybrid) across many models and versions. The root cause is a CRC16-based algorithm used to generate Technical Service credentials, which could enable an attacker to derive credentials from a device serial...
CVE-2025-40946
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All...
PT-2026-39979
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All...
EUVD-2026-22333
A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection...
CVE-2026-33551
The connected Debian tracker entry for CVE-2026-33551 states that restricted application credentials can create EC2 credentials, indicating a credential-creation/escalation issue within that context. Details on affected package, exact root cause, vulnerable versions, and remediation are not provi...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the logging process. An attacker can obtain sensitive S3 access credentials by accessing the pod's logs. Remediation Upgrade github.com/rancher/backup-restore-operator/pkg/objectstore ...
CVE-2026-26334
Affected software: Calero VeraSMART (versions prior to 2026 R1). Vulnerability: Hardcoded static AES keys present within Veramark.Framework.dll (Veramark.Core.Config class) are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. Impact chain: An attacker ...
CVE-2026-26334 Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...
CVE-2026-26334 Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll Veramark.Core.Config class. These keys are used to encrypt the password of the service account stored in C:\VeraSMART Data\app.settings. An attacker with local access to the...
CVE-2026-1966
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
CVE-2026-1966
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
PT-2026-6632
Name of the Vulnerable Software and Affected Versions Fortinet FortiOS versions through 7.6.6 Description Fortinet FortiOS through version 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files. This issue was exploited in the wild between December 16, 2025, and...