15 matches found
CVE-2026-33161 Craft CMS: Anonymous "assets/image-editor" calls returns private asset editor metadata to unauthorized users
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...
CVE-2026-33161
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...
CVE-2022-33161
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID:...
CVE-2021-33161
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2021-33161
The CVE-2021-33161 issue concerns improper input validation in Intel Ethernet Adapters and Intel Ethernet Controller I225 Manageability firmware, enabling a privileged user to escalate privileges via local access. Affected products include Intel Ethernet Controller I225 Manageability firmware (be...
CVE-2021-33161
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2024-33161
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sqlfilter parameter in the unallocatedList function...
CVE-2022-33161
creationtimestamp | type | source
---|---|---
2023-10-14 18:30:00+00:00 | seen | https://t.me/cibsecurity/72285...
CVE-2022-33161
CVE-2022-33161 affects IBM Security Directory Server 6.4.0. The issue is caused by failure to properly enable HTTP Strict Transport Security, enabling an attacker to obtain sensitive information via man-in-the-middle over the network. Impact is information disclosure; published scores show MEDIUM...
Security Updates for Microsoft Office Products (July 2023) (macOS)
The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple remote code execution vulnerabilities. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Security Updates for Microsoft Excel Products C2R (July 2023)
The Microsoft Excel Products are missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:
- Two remote code execution vulnerabilities. (CVE-2023-33161, CVE-2023-33158)
- An information disclosure vulnerability. (CVE-2023-33162)
Note that Nessus has not tested for...
CVE-2023-33161
creationtimestamp | type | source
---|---|---
2023-07-11 22:35:48+00:00 | seen | https://t.me/cibsecurity/66422...
CVE-2023-33161
Microsoft Excel Remote Code Execution Vulnerability...
CVE-2023-33161
CVE-2023-33161 is a Microsoft Excel Remote Code Execution vulnerability reported in multiple feeds. The compiled documents identify Microsoft Excel as the affected product and classify the issue as code execution with high impact. The CVSS data in the initial document indicates a high-severity, u...
KLA50773 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code...