HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions.
HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices.
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions.
HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions.
HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions.
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions.
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions.
Mistune Image Directive CSS Injection Vulnerability
Mistune TOC Anchor Injection XSS
OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation
Portainer missing authorization on custom template file endpoint, which exposes template content
Portainer: JWT accepted in URL query leaks tokens to logs and referers
Portainer has an endpoint security bypass via Swarm service create/update
Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
Portainer has a bind-mount restriction bypass via HostConfig.Mounts
Portainer has a path traversal in backup archive extraction that allows arbitrary file write
Portainer missing authorization on Docker plugin endpoints, which allows host RCE
FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover