Information Exposure
Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Information Exposure via the console.log and console.debug functions, which log sensitive response payloads from external services, including bearer tokens, account numbers, and...
EUVD-2025-35091
Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers...
VulnCheck KEV: CVE-2025-2747
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.1...
VulnCheck KEV: CVE-2025-2746
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through...
EUVD-2025-8009
Malicious code in bioql PyPI...
CVE-2025-32408
In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled...
CVE-2025-32408
CVE-2025-32408 affects Soffid Console prior to 3.6.32 (specifically 3.6.31 and earlier). The root cause is mishandled authorization to use the PAM service, as described in multiple sources. The base CVSS score is low (2.5, LOCAL access, high attack complexity, no user interaction). Red Hat and ot...
CVE-2025-2747
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.1...
CVE-2025-2749
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...
CVE-2025-2746
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through...
Directory Traversal
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Directory Traversal via the Staging Sync Server, which does not sufficiently protect librarySubFolderPath against traversal sequence...
Authentication Bypass by Primary Weakness
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness when the Staging Sync Server is enabled which it is not by default. An attacker can gain...
CVE-2025-2747 Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.1...
CVE-2025-2747
Kentico Xperience 13 CMS is affected by an authentication bypass in the Staging Sync Server component, due to password handling for the server-defined None type. This allows bypass of authentication and potential control of administrative objects, with impact stated up to version 13.0.178. A reme...
CVE-2025-2746 Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...