CVE-2026-21785
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...
CVE-2026-21785 HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...
HCL BigFix Remote Control Server WebUI Security Vulnerability
HCL BigFix Remote Control Server WebUI is a web interface provided by the Indian company HCL for remote management and control. HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier have security vulnerabilities. These vulnerabilities stem from incorrect configuration of content...
CVE-2026-21293 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...
PT-2026-24557
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...
EUVD-2001-0828
Malware in sbrugna...
EUVD-2024-15962
Malicious code in bioql PyPI...
EUVD-2024-54242
Malicious code in bioql PyPI...
CVE-2025-1139
IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment...
UBUNTU-CVE-2025-4563
A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to...
CVE-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...
CVE-2024-53694
A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management due to improper privilege management in a REST interface. An attacker can access unauthorized resources by knowing the resource ID. Note: This is only exploitable if the attacker is a registered user...
CVE-2024-24778
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0, which fixes the issue...
USN-7253-1 openjdk-17 vulnerability
It was discovered that the Hotspot component of OpenJDK 17 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information...
CVE-2024-21759
Fortinet FortiPortal versions 7.0.0–7.0.6 and 7.2.0 are affected by an authorization bypass via a user-controlled key in the administration interface. This allows a remote attacker to view unauthorized resources through HTTP/HTTPS requests. Root cause and exact remediation details are not provide...
UBUNTU-CVE-2024-0077
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information...
NVIDIA Virtual GPU Manager Security Vulnerability
NVIDIA Virtual GPU Manager is virtual GPU management software from NVIDIA. A security vulnerability exists in NVIDIA Virtual GPU Manager that originates from allowing a guest operating system to allocate unauthorized resources; successful exploitation of this vulnerability may result in...
CVE-2024-0163
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources...
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS Security Vulnerability
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS are both products of Dell, Inc. Dell PowerEdge Server BIOS is a system update driver from Dell. Dell Precision Rack BIOS is a BIOS utility for high-performance workstation products. A security vulnerability exists...