Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.9 views

CVE-2026-2255

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...

4.3CVSS5.5AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 4:16 a.m.12 views

CVE-2026-2255

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...

4.3CVSS0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:51 a.m.30 views

CVE-2026-2255 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...

4.3CVSS0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 2:51 a.m.9 views

CVE-2026-2255 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 2:51 a.m.9 views

EUVD-2026-32046

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:51 a.m.19 views

CVE-2026-2255

Hitachi Vantara Pentaho Data Integration & Analytics exposes Hadoop cluster credentials in plain text via the Cluster Test API for versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x. The credentials can be used to submit jobs under the same account through the backend API, indicatin...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.9 views

PT-2026-43485

Name of the Vulnerable Software and Affected Versions Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.6 Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 11.0.0.0 Description Hadoop cluster credentials are exposed in plain text through the 'Clust...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.4 views

PT-2025-49030

Name of the Vulnerable Software and Affected Versions dayrui XunRuiCMS versions up to 4.7.1 Description A server-side request forgery condition exists in dayrui XunRuiCMS. The issue is located in the file admin79f2ec220c7e.php?c=api&m=test site domain within the Project Domain Change Test...

7.2CVSS4.5AI score0.00346EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/10 3:37 a.m.4 views

EUVD-2025-33596

Malicious code in @evo-tech/backoffice-test-api npm...

6.6AI score
Exploits0References1
OSV
OSV
added 2025/10/10 3:37 a.m.2 views

MAL-2025-48289 Malicious code in @evo-tech/backoffice-test-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 931d6e176eaebf4b172dba6fd81800d7257f741ffad464c014dc9fcd085bcba4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
wpexploit
wpexploit
added 2022/11/30 12:0 a.m.156 views

Paytium < 4.3.7 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Playtium » Settings and in the 'Test'...

4.8CVSS0.5AI score0.0047EPSS
Exploits2
GithubExploit
GithubExploit
added 2022/05/10 3:34 p.m.179 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE2022-1388TestAPI A Test API for testin...

9.8CVSS10AI score0.99956EPSS
Exploits63
Rows per page
Query Builder