25 matches found
TYPO3 CMS Stores Cleartext Password in User Settings Module
Problem: The backend user settings module SetupModuleController incorrectly conflates entity data like passwords or email address with user-interface settings like theme, display options when persisting changes. As a result, passwords were stored in cleartext in the uc and usersettings fields of t...
GHSA-XVV6-P4WF-MVX7 TYPO3 CMS Stores Cleartext Password in User Settings Module
Problem: The backend user settings module SetupModuleController incorrectly conflates entity data like passwords or email address with user-interface settings like theme, display options when persisting changes. As a result, passwords were stored in cleartext in the uc and usersettings fields of t...
Cleartext Storage of Sensitive Information
Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in DB. An...
Cleartext Storage of Sensitive Information
Overview: Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in DB. An attacker can obtain sensitive user credentials by accessing the uc and...
CVE-2024-41801
OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProje...
EUVD-2024-39190
Malicious code in bioql PyPI...
CVE-2025-30420
There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user t...
NI Circuit Design Suite Security Vulnerability
NI Circuit Design Suite is a circuit design suite from National Instruments (NI) that provides a complete set of tools for circuit design, simulation, verification, and layout. A security vulnerability exists in NI Circuit Design Suite version 14.3.0 and prior versions, which originates from an...
Incorrect Authorization
Overview: Umbraco.Cms.Web.Common is a package containing the web assembly needed to run Umbraco CMS. Affected versions of this package are vulnerable to Incorrect Authorization. An attacker can gain unauthorized access to sensitive functionalities by exploiting the permissions of low-privilege...
CVE-2024-47819 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...
Umbraco CMS Security Vulnerability
Umbraco CMS is a content management system from Umbraco, Denmark. A security vulnerability exists in Umbraco CMS version 14.0.0 up to and including version 14.3.0, which stems from an improper access control issue that allows a low-privileged user to access the webhook API and retrieve informatio...
PT-2024-33273 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions 14.0.0 through 14.2.x Description: The issue is related to improper access control, allowing low-privilege users to access the webhook API and retrieve restricted information. This affects the settings section, where access...
CVE-2024-41801 OpenProject packaged installation has Open Redirect Vulnerability in Sign-In in default configuration
OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProje...
PT-2024-29568 · Unknown +1 · Openproject +1
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 14.3.0 Description: The issue allows an attacker to redirect to a remote host to initiate a phishing attack against an OpenProject user's account by using a forged HOST header in the default configuration of...
CVE-2024-3330 Spotfire Remote Code Execution Vulnerability
Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code. This requires human interaction fr...
OPENSUSE-SU-2024:13565-1 teleport-14.3.0-1.1 on GA media
These are all security issues fixed in the teleport-14.3.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-28662
A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in createtag in admin/include/functions.php...
Piwigo <= 14.3.0 CSRF Vulnerability
Piwigo is prone to a cross-site request forgery (CSRF) vulnerability.
Arbitrary Code Execution
Overview. Impact: Arbitrary code execution can occur when running exiftool against files with hostile metadata payloads. Patches: ExifTool has already been patched in version 12.24. exiftool-vendored, which vendors ExifTool, includes this patch in v14.3.0. Workarounds: No. Recommendation: Upgrade to...
GHSA-4WHQ-R978-2X68 Arbitrary code execution in ExifTool
Impact: Arbitrary code execution can occur when running exiftool against files with hostile metadata payloads. Patches: ExifTool has already been patched in version 12.24. exiftool-vendored, which vendors ExifTool, includes this patch in v14.3.0. Workarounds: No. References...