12 matches found
CVE-2026-2255
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...
CVE-2026-2255
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...
CVE-2026-2255 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...
CVE-2026-2255 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...
EUVD-2026-32046
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...
CVE-2026-2255
Hitachi Vantara Pentaho Data Integration & Analytics exposes Hadoop cluster credentials in plain text via the Cluster Test API for versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x. The credentials can be used to submit jobs under the same account through the backend API, indicatin...
PT-2026-43485
Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.6 Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 11.0.0.0 Description Hadoop cluster credentials are exposed in plain text through the 'Clust...
PT-2025-49030
Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.7.1 Description A server-side request forgery condition exists in dayrui XunRuiCMS. The issue is located in the file admin79f2ec220c7e.php?c=api&m=test site domain within the Project Domain Change Test...
EUVD-2025-33596
Malicious code in @evo-tech/backoffice-test-api npm...
MAL-2025-48289 Malicious code in @evo-tech/backoffice-test-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 931d6e176eaebf4b172dba6fd81800d7257f741ffad464c014dc9fcd085bcba4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Paytium < 4.3.7 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Playtium » Settings and in the 'Test'...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE2022-1388TestAPI A Test API for testin...