24 matches found

RedhatCVE
added 2025/11/27 1:54 p.m. | 3 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

CVSS 5.3 | AI score 6.7 | EPSS 0.00124
Exploits: 0 | References: 1

EUVD
added 2025/11/24 6:31 p.m. | 3 views

EUVD-2025-198802

Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...

CVSS 4.6 | AI score 6 | EPSS 0.00036
Exploits: 0 | References: 3

OSV
added 2025/11/24 4:15 p.m. | 2 views

CVE-2025-60915

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

CVSS 8.1 | AI score 6.9
Exploits: 0 | References: 2

NVD
added 2025/11/24 4:15 p.m. | 1 view

CVE-2025-60915

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

CVSS 8.1 | EPSS 0.00122
Exploits: 0 | References: 2

NVD
added 2025/11/24 4:15 p.m. | 3 views

CVE-2025-56423

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

CVSS 5.3 | EPSS 0.00124
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/24 12:0 a.m. | 2 views

PT-2025-47927

An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...

AI score 6.7 | EPSS 0.00124
Exploits: 0 | References: 3

Vulnrichment
added 2025/11/24 12:0 a.m. | 1 view

CVE-2025-60916

A reflected cross-site scripting XSS vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...

AI score 5.9 | EPSS 0.00072
Exploits: 0 | References: 2

CVE
added 2025/11/24 12:0 a.m. | 8 views

CVE-2025-56423

CVE-2025-56423 affects OpenAtlas v8.12.0 from the Austrian Academy of Sciences. A login error message handling flaw can disclose sensitive information to remote attackers, exposing confidentiality. Connected sources (Red Hat, EU ENISA, OSV, NVD, CVE listing) corroborate the issue description but ...

CVSS 5.3 | AI score 6.3 | EPSS 0.00124
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2025/11/24 12:0 a.m. | 9 views

CVE-2025-60917

CVE-2025-60917 is a reflected XSS in Austrian Archaeological Institute Openatlas prior to v8.12.0, discovered via the /overview/network/ endpoint where an attacker injects a payload into the color parameter to run code in a user’s browser. The vulnerability arises from unvalidated/reflected input...

CVSS 4.6 | AI score 5.9 | EPSS 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/09/25 2:53 a.m. | 1 view

CVE-2025-60020

nncp before 8.12.0 allows path traversal for reading or writing during freqing and file saving via a crafted path in packet data...

CVSS 6.4 | AI score 6.8 | EPSS 0.00087
Exploits: 0 | References: 1

OSV
added 2025/09/24 1:15 p.m. | 0 views

UBUNTU-CVE-2025-60020

nncp before 8.12.0 allows path traversal for reading or writing during freqing and file saving via a crafted path in packet data...

CVSS 6.4 | AI score 5.8 | EPSS 0.00087
Exploits: 0 | References: 5

Tenable Nessus
added 2025/02/05 12:0 a.m. | 9 views

Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2025-036-01)

The version of curl installed on the remote host is prior to 8.12.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-036-01 advisory. New curl packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

CVSS 7.3 | AI score 6.5 | EPSS 0.04569
Exploits: 3 | References: 4

Atlassian
added 2023/10/06 5:45 p.m. | 57 views

FasterXML Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 7.9 | EPSS 0.00291
Exploits: 2

Tenable Nessus
added 2023/03/08 12:0 a.m. | 8 views

Atlassian Jira 8.6.0 < 8.12.0 Project Key Enumeration

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.17, 7.14.x prior to 8.5.8 or 8.6.x prior to 8.12.0. It is, therefore, affected by a vulnerability that permits remote attackers to enumerate project keys via an Informati...

CVSS 7.5 | AI score 7.2 | EPSS 0.00576
Exploits: 0 | References: 2

CNNVD
added 2021/10/13 12:0 a.m. | 3 views

Proofpoint Spam Engine Access Control Error Vulnerability

Proofpoint Spam Engine is an email filter from Proofpoint USA, Inc. It is used to filter inbound and outbound email traffic for service filtering organizations. An Access Control Error vulnerability exists in Proofpoint Spam Engine, which stems from the product allowing .dat files to be sent via...

CVSS 7.5 | AI score 7.3 | EPSS 0.00408
Exploits: 0 | References: 2

CNNVD
added 2021/10/13 12:0 a.m. | 2 views

Proofpoint Enterprise Protection Code Issue Vulnerability

Proofpoint Enterprise Protection is an application from Proofpoint USA. that provides functionality to protect email. A code issue vulnerability exists in Proofpoint Enterprise Protection that stems from the product allowing cascading style sheets to be implemented incorrectly. An attacker could...

CVSS 7.5 | AI score 7.5 | EPSS 0.00408
Exploits: 0 | References: 3

Tenable Nessus
added 2021/07/02 12:0 a.m. | 18 views

Atlassian Jira 8.6.x < 8.12.0 Information Disclosure

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.3.16, 8.x 8.5.7 or 8.6.x 8.12.0. It is, therefore, affected by an information disclosure vulnerability in the ViewUserHover.jspa endpoint allowing an unauthenticated user to...

CVSS 5.3 | AI score 9.4 | EPSS 0.93505
Exploits: 8 | References: 2

CVE
added 2021/06/16 11:32 a.m. | 34 views

CVE-2021-28979

CVE-2021-28979 affects SafeNet KeySecure Management Console 8.12.0. The issue is HTTP response splitting, where a remote attacker can exploit a specially-crafted URL to cause the server to return a split HTTP response when the link is clicked. This summary is based on the provided CVE entry and r...

CVSS 6.5 | AI score 6.4 | EPSS 0.00988
Exploits: 0 | References: 4 | Affected Software: 1

OpenVAS
added 2020/11/09 12:0 a.m. | 17 views

Tenable Nessus 8.9.0 - 8.12.0 File Copy Vulnerability (TNS-2020-08) - Windows

Tenable Nessus is prone to a file copy vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus";...

CVSS 7.8 | AI score 7.7 | EPSS 0.00034
Exploits: 0 | References: 1

OSV
added 2020/09/17 1:15 a.m. | 1 view

CVE-2020-14181

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0...

CVSS 5.3 | AI score 6.7 | EPSS 0.93505
Exploits: 8 | References: 2