6 matches found
CVE-2026-54784 CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session...
Information Disclosure
angular/common is vulnerable to information disclosure. The vulnerability is due to the HttpTransferCache utility failing to consider the withCredentials flag and Cookie header when caching HTTP responses during Server-Side Rendering SSR with hydration enabled, which allows an attacker to obtain...
CVE-2026-29023
Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known static key. An attacker able to reach the router port can proxy requests through the Shannon instanc...
CVE-2025-67511 Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
Cybersecurity AI CAI is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the runsshcommandwithcredentials function, which is available to AI agents. Only password and command...
Generex UPS Adapter CS141 Improper Link Resolution Before File Access (CVE-2022-47188)
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. This plugin only works with Tenable.ot...
CVE-2022-43528
Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and successfully bypass MFA requirements in Aruba EdgeConne...