CVE-2026-0261

Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...

Harbor 安全漏洞

Harbor is an open-source registry developed by Harbor Open Source. It protects artifacts through policy-based and role-based access control, ensures that images are scanned for vulnerabilities, and signs images as trustworthy. Versions of Harbor prior to 2.15.0 have security vulnerabilities; thes...

"iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization

Overview Remote Management Controller "iRMC S5/S6" implemented in PRIMERGY provided by Fsas Technologies Inc. contains the following vulnerability. Incorrect authorization CWE-863 - CVE-2025-65002 Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution...

EUVD-2018-11258

Malware in sbrugna...

EUVD-2022-36796

Malicious code in bioql PyPI...

EUVD-2022-47728

Malicious code in bioql PyPI...

EUVD-2024-38951

Malicious code in bioql PyPI...

PT-2025-27494 · Ibm · Ibm System Storage Virtualization Engine Ts7700

Name of the Vulnerable Software and Affected Versions: IBM System Storage Virtualization Engine TS7700 versions 3957 VED R5.4 8.54.2.17 through R6.0 8.60.0.115 IBM System Storage Virtualization Engine TS7700 versions 3948 VED R5.4 8.54.2.17 through R6.0 8.60.0.115 IBM System Storage Virtualizatio...

PT-2025-23423 · Ibm · Ibm Planning Analytics Local

Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.0 through 2.1 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...

CVE-2022-30272

The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...

CVE-2025-47419 Non-Secure Access

Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from...

PT-2025-19990 · Crestron · Crestron Automate Vx

Name of the Vulnerable Software and Affected Versions: Crestron Automate VX versions 5.6.8161.21536 through 6.4.0.49 Description: The issue allows for the cleartext transmission of sensitive information, such as user passwords, due to the device allowing Web UI and API access over non-secure...

PT-2025-16267 · Ibm · Ibm Aspera Console

Name of the Vulnerable Software and Affected Versions: IBM Aspera Console versions 3.4.0 through 3.4.4 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...

PT-2025-16183 · Ibm · Ibm Aspera Faspex

Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.11 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within...

CVE-2021-28494

In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases...

PT-2025-2758 · Ibm · Ibm Sterling B2B Integrator

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.5 IBM Sterling B2B Integrator versions 6.2.0.0 through 6.2.0.3 Description: The issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended...

PT-2023-28221 · Ibm · Ibm Cics Tx Standard +2

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard versions 10.1 through 11.1 IBM CICS TX Advanced version 10.1 IBM TXSeries for Multiplatforms versions 8.1 through 9.1 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the...

CVE-2022-44796

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...

CVE-2022-44796

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...

DEBIAN-CVE-2022-3314

Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...