31 matches found
EUVD-2026-31324
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...
CVE-2025-14816
The connected PT-2026-30802 advisory confirms CVE-2025-14816 as a local vulnerability affecting Mitsubishi Electric GENESIS64, ICONICS Suite/MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64 (and related Iconics Digital Solutions variants). The root cause is cleartext storage/display ...
AnythingLLM 安全漏洞
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM suffers from a security vulnerability that stems from two common system preferences endpoints that allow administrator role access, which can be exploited by an attacker to cause the administrator to read plaintext...
CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...
EUVD-2025-17685
Malicious code in bioql PyPI...
EUVD-2025-17691
Malicious code in bioql PyPI...
Unspecified Vulnerability in Ivanti Workspace Control (CNVD-2025-15108)
Ivanti Workspace Control is a desktop management solution from Ivanti. Ivanti Workspace Control suffers from a security vulnerability that originates from hard-coded keys, which can be exploited by an attacker to decrypt stored SQL credentials...
CVE-2025-5353
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-22455
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-5353
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-5353
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-22455
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-22455
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-5353
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-5353
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-5353
Ivanti Workspace Control is affected by a vulnerability caused by a hard-coded key that can be exploited by a local, authenticated attacker to decrypt stored SQL credentials. Affected versions are before 10.19.10.0. Impact is exposure of sensitive database credentials due to weak key handling. Th...
CVE-2025-22455
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...
CVE-2025-22455
Ivanti Workspace Control is affected by CVE-2025-22455 due to a hardcoded key that can allow a local authenticated attacker to decrypt stored SQL credentials. The vulnerability concerns versions before 10.19.0.0 (per initial CVE description) with broader remediation references indicating fixes fo...
CVE-2025-22455
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials...
PT-2025-24669 · Ivanti · Ivanti Workspace Control
Name of the Vulnerable Software and Affected Versions: Ivanti Workspace Control versions prior to 10.19.10.0 Description: A hardcoded key in the software allows a local authenticated attacker to decrypt stored SQL credentials. Recommendations: For versions prior to 10.19.10.0, update to version...