18 matches found
CVE-2026-44306 Statamic: Email enumeration via forgot password endpoint
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-u...
Statamic 安全漏洞
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.21 and 6.15.0, where the password form’s respons...
Statamic CMS vulnerable to email enumeration via forgot password endpoint
Impact Responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up credential-based attacks. Patches This has been fixed in 5.73.21 and 6.15.0. The forgot...
PT-2026-38302
Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.21 Statamic versions prior to 6.15.0 Description Responses from the forgot password forms reveal whether an account exists for a specific email address. This allows an unauthenticated attacker to perform user...
EUVD-2025-208504
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server...
CVE-2025-56422
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server...
PT-2025-34408 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0+ Description: The Linux kernel contains a flaw within the rtw89 driver related to a lockdep assertion in the rtw89 set sar from acpi function. The assertion was triggered during driver startup and has bee...
PT-2025-29046
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc7 Description: A flaw was discovered in the Linux kernel related to the MPLS Multiprotocol Label Switching implementation. Specifically, the mpls route input rcu function could be called from within an...
PT-2025-27999
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0 Description: A vulnerability in the Linux kernel has been resolved, related to the kvaser pciefd driver. The issue involves the echo skb max handling logic, which defines the supported upper limit of echo...
RHSA-2024:2010 Red Hat Security Advisory: Satellite 6.15.0 release
Bulletin has no description...
RHEL 8 : Satellite 6.15.0 (Important) (RHSA-2024:2010)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2010 advisory. For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the...
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request then data can be provided which will trigger a second unexpected and user-defined HTTP request to made to the same server.
...
Atlassian Confluence Server Cross-Site Scripting Vulnerability (CNVD-2020-52943)
Atlassian Confluence Server is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build enterprise WiKi. A cross-site scripting vulnerability exists in the Attachment Upload feature in Atlassian Confluence Server...
CVE-2019-3398
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this pat...
Node.js 'debugger' Privilege Escalation Vulnerability - Mac OS X
Node.js is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...
UBUNTU-CVE-2018-12122
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service DoS by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time...
CVE-2018-12120
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...
PT-2018-11027 · Node.Js +2 · Node.Js +2
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 6.15.0 Description: The issue allows remote computers to attach to the debug port and evaluate arbitrary JavaScript when the debugger is enabled with node --debug or node debug, as it listens on all interfaces by...