
10 matches found

CNNVD
added 2026/05/28 12:0 a.m. · 9 views

OpenStack Neutron Security Vulnerability

OpenStack Neutron is an open-source project under OpenStack, designed to provide services between interface devices managed by other OpenStack services. Versions of OpenStack Neutron prior to 28.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the Label Controller...

CVSS 5.3 · AI score 5.9 · EPSS 0.00295
Exploits 0 · References 3
ATTACKERKB
added 2026/03/27 6:4 p.m. · 3 views

CVE-2025-15617

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits...

CVSS 8.3 · AI score 5.9 · EPSS 0.00387
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2026/03/27 12:0 a.m. · 5 views

PT-2026-28280

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commit...

CVSS 8.3 · AI score 5.9 · EPSS 0.00387
Exploits 1 · References 6
ATTACKERKB
added 2026/03/23 9:47 p.m. · 3 views

CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

CVSS 9.4 · AI score 5.9 · EPSS 0.60368
In wild · Exploits 2 · References 11 · Affected Software 5
OSV
added 2026/03/23 9:47 p.m. · 5 views

CVE-2026-33634 Trivy ecosystem supply chain briefly compromised

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

CVSS 9.4 · AI score 6.2 · EPSS 0.60368
Exploits 2 · References 16
Vulnrichment
added 2025/11/07 12:0 a.m. · 4 views

CVE-2025-63783

A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

AI score 6.3 · EPSS 0.00254
Exploits 1 · References 2
Positive Technologies
added 2025/11/07 12:0 a.m. · 5 views

PT-2025-45466

Name of the Vulnerable Software and Affected Versions: Onlook web application version 0.2.32. Description: A Broken Object Level Authorization (BOLA) issue exists in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application. The API does not properly validate if the...

CVSS 7.6 · AI score 5.5 · EPSS 0.00254
Exploits 1 · References 6
Positive Technologies
added 2024/11/24 12:0 a.m. · 4 views

PT-2024-35973 · Openstack · Openstack Neutron

Name of the Vulnerable Software and Affected Versions: OpenStack Neutron versions 23 through 23.2.0; OpenStack Neutron versions 24 through 24.0.1; OpenStack Neutron versions 25 through 25.0.0. Description: The issue affects OpenStack Neutron, where the neutron/extensions/tagging.py can use an...

CVSS 7.5 · AI score 7 · EPSS 0.00695
Exploits 0 · References 19
ATTACKERKB
added 2023/02/03 1:15 a.m. · 2 views

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

CVSS 4.3 · AI score 5.8 · EPSS 0.00449
Exploits 0 · References 2
CNNVD
added 2022/09/08 12:0 a.m. · 5 views

XWiki Platform Cross-Site Request Forgery Vulnerability

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A cross-site request forgery vulnerability exists in XWiki Platform versions prior to 13.10.5 and prior to 14.3, which stems from the ability to perform a cross-site request...

CVSS 4.3 · AI score 4.9 · EPSS 0.00323
Exploits 0 · References 4