GHSA-RG3M-CFQ7-G6H6 FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass

Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when secureEnabled is set to true. The POST /api/runscript endpoint checks authorization against the stored script's permission by ID, but when test: true is set in the request, it compiles and executes attacker-supplie...

FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Authorization Bypass

Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when secureEnabled is set to true. The POST /api/runscript endpoint checks authorization against the stored script's permission by ID, but when test: true is set in the request, it compiles and executes attacker-supplie...

PT-2026-43447

Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when secureEnabled is set to true. The POST /api/runscript endpoint checks authorization against the stored script's permission by ID, but when test: true is set in the request, it compiles and executes attacker-supplie...

EUVD-2023-44280

In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...

CVE-2023-3634

In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...

CVE-2023-3634 Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions

In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...

CVE-2023-3634 Festo: MSE6-C2M/D2M/E2M Incomplete User Documentation of Remote Accessible Functions

In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...

CVE-2023-3634

CVE-2023-3634 is linked to a Festo vulnerability affecting MSE6-C2M, MSE6-D2M, and MSE6-E2M devices. The issue stems from undocumented configuration commands in the software for managing/monitoring air consumption, enabling a remote attacker to impact confidentiality, integrity, and availability ...

CVE-2023-3634

In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, integrity and availability...

CVE-2026-33456

Livestatus injection in the notification test mode in Checkmk 2.5.0b4 and 2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description...

CVE-2026-33456 Potential livestatus injection in notification test

Livestatus injection in the notification test mode in Checkmk 2.5.0b4 and 2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description...

CVE-2026-33456

Summary of CVE-2026-33456 : A Livestatus injection vulnerability exists in Checkmk’s notification test mode for versions before 2.5.0b4 and before 2.4.0p26. An authenticated user who can access the notification test page can inject arbitrary Livestatus commands via a crafted service description. ...

PT-2026-31899

Name of the Vulnerable Software and Affected Versions Checkmk versions prior to 2.5.0b4 and prior to 2.4.0p26 Description A flaw exists in Checkmk that allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands through a crafted service...

CVE-2026-33456

Livestatus injection in the notification test mode in Checkmk 2.5.0b4 and 2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description...

EUVD-2025-208132

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...

CVE-2025-9907

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...

CVE-2025-9907 Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...

CVE-2025-9907 Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...

CVE-2025-9907

CVE-2025-9907 is addressed in Red Hat Open Product Security Advisory RHSA-2025:19201 for Red Hat Ansible Automation Platform 2.6. The advisory assigns a security impact to CVE-2025-9907 within the Event-Driven Ansible (EDA) component: automation-eda-controller, describing Sensitive Internal Heade...

event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...