Common Vulnerabilities and Exposures (CVE)

CVE-2012-0059

Apr 2, 2026 23:42:30 UTC

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this...

CVE-2011-3344

Apr 2, 2026 23:42:25 UTC

A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unau...

CVE-2011-2927

Apr 2, 2026 23:42:25 UTC

A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggere...

CVE-2025-0133

Apr 2, 2026 23:38:11 UTC

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's...

CVE-2026-32211

Apr 2, 2026 23:27:01 UTC

Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.

CVE-2026-32173

Apr 2, 2026 23:27:00 UTC

Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.

CVE-2026-33105

Apr 2, 2026 23:26:59 UTC

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-26135

Apr 2, 2026 23:26:58 UTC

Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.

CVE-2026-33107

Apr 2, 2026 23:26:57 UTC

Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-32213

Apr 2, 2026 23:26:56 UTC

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-31675

Apr 2, 2026 22:35:46 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5,...

CVE-2022-4986

Apr 2, 2026 22:34:01 UTC

Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS conn...

CVE-2023-7343

Apr 2, 2026 22:30:35 UTC

HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending special...

CVE-2023-7342

Apr 2, 2026 22:28:20 UTC

HiSecOS web server versions 03.4.00 prior to 04.1.00 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted ...

CVE-2025-9566

Apr 2, 2026 22:27:32 UTC

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a ...