7 matches found
CVE-2026-42283
DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the...
CVE-2026-44125
SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session...
EUVD-2018-1879
Malware in sbrugna...
UBUNTU-CVE-2022-3920
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0...
PT-2022-24801 · Hashicorp +1 · Hashicorp Consul +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.13.0 through 1.13.3 Description: The issue concerns a lack of filtering for cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. This affects HashiCorp...
CVE-2018-1000206
JFrog Artifactory version since 5.11 contains a Cross-Site Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appears to be exploitable via The victim must run maliciously crafted flas...
CVE-2018-1000206
JFrog Artifactory version since 5.11 contains a Cross-Site Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appears to be exploitable via The victim must run maliciously crafted flas...