62 matches found
CVE-2026-8142
VINCE versions 3.0.38 and earlier do not properly verify the authenticity of the From address due to encoding confusion, and use the From address for automated actions such as Ticket creation or Ticket updates...
CVE-2026-8142
Technical details are not publicly available in the provided documents. Monitor for updates.
PT-2026-38572
Name of the Vulnerable Software and Affected Versions: VINCE versions 3.0.38 and earlier. Description: Encoding confusion prevents the proper verification of the authenticity of the From address. This allows the From address to be used for unauthorized automated actions, such as ticket creation or...
VINCE Security Vulnerability
VINCE is an open-source CERT coordination center developed and used by the U.S. CERT Coordination Center. It serves as a platform for improving vulnerability disclosure efforts. Versions of VINCE prior to 3.0.38 contained security vulnerabilities. These vulnerabilities were caused by code...
I'm Hosting a New Podcast
I'm hosting a new podcast for Corelight. Check out my first episode with our field CTO, Vince Stoffer. Expect new episodes every two weeks. This is no buddy cop discussion -- max content, minimum banter, in about 15 minutes! https://open.spotify.com/episode/0SD2gUvIuB65YFmjjtXfTR...
EUVD-2024-33496
Malicious code in bioql PyPI...
EUVD-2022-43546
Malicious code in bioql PyPI...
EUVD-2024-50235
Malicious code in bioql PyPI...
EUVD-2022-43555
Malicious code in bioql PyPI...
EUVD-2022-30439
Malicious code in bioql PyPI...
CVE-2024-9953
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profile, which may lead to a DoS condition when the profile is accessed. While the Django server restrict...
CVE-2024-10469
VINCE versions before 3.0.9 are vulnerable to exposure of User information to authenticated users...
CVE-2024-10469 CERT/CC VINCE versions before 3.0.9 allow an authenticated user to access the User Management view.
VINCE versions before 3.0.9 are vulnerable to exposure of User information to authenticated users...
CVE-2024-10469
CVE-2024-10469 affects VINCE before 3.0.9. The issue allows exposure of user information to authenticated users due to an access-control flaw in VINCE’s User Management view. The impact is user information disclosure; CVSS vectors in sources indicate medium base severity with confidentiality impact. ...