14 matches found
MAL-2025-35151 Malicious code in test-mlw2-crest-licht-stems-pents (npm)
The package test-mlw2-crest-licht-stems-pents was found to contain malicious code...
CVE-2020-35151
The Online Marriage Registration System 1.0 POST parameter "searchdata" in the user/search.php request is vulnerable to time-based SQL injection...
Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs. (CVE-2024-43176)
Summary: A vulnerability caused by improper authorization checks could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. Vulnerability Details: CVEID: CVE-2024-43176. DESCRIPTION: IBM OpenPages could allow an...
Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs. (CVE-2024-35151)
Summary: A vulnerability caused by improper authorization checks could allow authenticated users access to sensitive information through APIs. Vulnerability Details: CVEID: CVE-2024-35151. DESCRIPTION: IBM OpenPages with Watson could allow authenticated users access to sensitive information through...
CVE-2024-35151
creationtimestamp | type | source
---|---|---
2024-08-22 14:21:44+00:00 | seen | https://t.me/cvedetector/3909...
CVE-2024-35151
CVE-2024-35151 concerns IBM OpenPages with Watson 8.3 and 9.0, where authenticated users could access sensitive information due to improper authorization controls on APIs. The Red Hat/CNVD/NVD records align on the affected products/versions (IBM OpenPages with Watson 8.3; IBM OpenPages 9.0) and t...
CVE-2023-35151
creationtimestamp | type | source
---|---|---
2023-06-23 22:22:17+00:00 | seen | https://t.me/cibsecurity/65476...
CVE-2023-35151 XWiki Platform may show email addresses in clear in REST results
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, a...
CVE-2023-35151
CVE-2023-35151 (XWiki Platform) affects XWiki Platform versions 7.3-milestone-1 through 14.4.7, where any user can call a REST endpoint and obtain obfuscated passwords, even if mail obfuscation is enabled. The issue has been patched in 14.4.8, 14.10.6, and 15.1. No public workaround is documented...
CVE-2022-35151
CVE-2022-35151 for kkFileView 4.1.0: multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters in /controller/OnlinePreviewController.java. Public sources describe the impact as executing malicious scripts in the victim’s browser, potentially enabling data theft or ses...
CVE-2022-35151
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java...
CVE-2020-35151
creationtimestamp | type | source
---|---|---
2020-12-22 00:52:21+00:00 | seen | https://t.me/cibsecurity/21148...
CVE-2020-35151
CVE-2020-35151 affects The Online Marriage Registration System 1.0. The vulnerability is a time-based SQL injection in the POST parameter searchdata of user/search.php (and noted in admin/search.php in the exploit). Root cause: lack of input validation for searchdata, enabling attacker-controlled...
CVE-2020-35151
The Online Marriage Registration System 1.0 POST parameter "searchdata" in the user/search.php request is vulnerable to time-based SQL injection...