CVE-2023-41921

A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achievin...

CVE-2023-48039

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gfmpdparsestring mediatools/mpd.c:75...

CVE-2023-33740

Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message...

CVE-2023-33477

In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path...

CVE-2023-27180

GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...

CVE-2023-27132

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...

CVE-2023-21404

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data...

CVE-2023-47704

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220...

CVE-2023-3413

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to...

CVE-2022-25516

stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbttfindtable at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...

CVE-2022-34002

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application...

CVE-2022-30286

pyscriptjs aka PyScript Demonstrator in PyScript through 2022-05-04 allows a remote user to read Python source code...

CVE-2022-25514

stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...

CVE-2022-29947

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping...

CVE-2022-48149

Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter...

CVE-2022-48435

In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file...

CVE-2022-1585

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php...

CVE-2022-35011

PNGDec commit 8abf6be was discovered to contain a global buffer overflow via inflatefast at /src/inffast.c...

CVE-2022-32984

BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the...

CVE-2022-39259

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds...