18 matches found
CVE-2026-23768
creationtimestamp| type| source ---|---|--- 2026-01-16 07:31:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcjlel65xf2x...
CVE-2026-23768
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...
CVE-2026-23768
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...
CVE-2020-23768
An information disclosure vulnerability was discovered in alipayfunction.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including e-mail address and...
CVE-2025-23768
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in inwavethemes InFunding infunding allows Reflected XSS.This issue affects InFunding: from n/a through = 1.0...
CVE-2022-23768
This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device...
CVE-2024-23768
Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...
CVE-2025-23768
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in inwavethemes InFunding infunding allows Reflected XSS.This issue affects InFunding: from n/a through = 1.0...
CVE-2025-23768
CVE-2025-23768 : Reflected Cross‑Site Scripting in the WordPress plugin InFunding (NotFound InFunding) affects versions up to 1.0. The issue arises from improper input neutralization during web page generation. CVSS 3.1 base score 7.1 (HIGH) with network attack vector, required user interaction, ...
CVE-2024-23768
creationtimestamp| type| source ---|---|--- 2024-01-22 04:21:27+00:00| seen| https://t.me/ctinow/170964...
CVE-2024-23768
Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...
CVE-2024-23768
Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders and the files and datasets in these folders can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source...
CVE-2024-23768
CVE-2024-23768 (Dremio) : Dremio before 24.3.1 suffers a path traversal flaw where an authenticated user with no privileges on certain folders plus access to the source and at least one folder can access restricted folders, files, and datasets. Affected versions are 24.0.0–24.3.0, 23.0.0–23.2.3, ...
CVE-2022-23768
CVE-2022-23768 affects the Neo Information Systems Home AP NIS-HAP11AC. The root cause is an exposed external port for the telnet service, enabling remote attackers to perform attacks including source-code hijacking and remote control of the device. The NVD metrics show a high to critical impact ...
CVE-2022-23768 Neo Information Sys. NIS-HAP11AC remote access and manipulation vulnerability
This Vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to induce all attacks such as source code hijacking, remote control of the device...
CVE-2020-23768
An information disclosure vulnerability was discovered in alipayfunction.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including e-mail address and...
CVE-2020-23768
CVE-2020-23768 describes an information-disclosure vulnerability in PHPPYUN before version 5.0.1, rooted in the Alibaba Payment Interface’s alipay_function.php log file. The issue allows an attacker to obtain users’ personal data, including email addresses and phone numbers. Public documentation ...
Fedora Update for openssl FEDORA-2013-23768
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...