EUVD-2024-2011

Malicious code in bioql PyPI...

EUVD-2025-23599

Malicious code in bioql PyPI...

CVE-2025-36729 RACOM M!DGE2 Privilege Escalation via SDK Testing Endpoint

A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid...

keycloak: Leak of configured LDAP bind credentials through the Keycloak admin console

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...

GHSA-C25H-C27Q-5QPV Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

Impact The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access permission manage-realm can change the LDAP host URL "Connection URL" to a machine they control. The...

GHSA-GMRM-8FX4-66X7 Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c25h-c27q-5qpv. This link is maintained to preserve external references. Original Description A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently...

IBM: Unauthenticated Remote Access to Testing Endpoint

Unauthenticated remote access to a testing endpoint was reported, analyzed and remediated...