29 matches found
CVE-2026-44874 Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface
A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system...
CVE-2026-24322 Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)
SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability...
CVE-2018-1000827
Ubilling version = 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution...
CVE-2018-1000837
UML Designer version = 8.0.0 contains a XML External Entity XXE vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file...
EUVD-2018-0819
Malware in sbrugna...
EUVD-2018-2021
Malware in sbrugna...
EUVD-2018-2025
Malware in sbrugna...
EUVD-2018-2027
Malware in sbrugna...
The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) JetBrains TeamCity, related to the storage of information in an open manner, allows a hacker to expose confidential information.
The vulnerability of the Continuous Integration and Deployment Application Delivery system CI/CD of JetBrains TeamCity is related to the storage of information in an open manner. Exploiting this vulnerability can allow attackers to disclose confidential information...
CVE-2018-1000822
codelibs fess version before commit faa265b contains a XML External Entity XXE vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This...
CVE-2018-1000834
runelite version = runelite-parent-1.4.23 contains a XML External Entity XXE vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...
CVE-2018-1000651
Stroom version 5.4.5 contains a XML External Entity XXE vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file...
The vulnerability of the mod_css_styles function in the Cascading Style Sheet Handler component of the RoundCube email client allows a hacker to disclose confidential information.
The vulnerability of the modcssstyles function in the Cascading Style Sheet Handler component of the RoundCube email client is related to insufficient filtering of the sequence of tokens in CSS styles displayed in email messages. Exploiting this vulnerability could allow an attacker to disclose...
The vulnerability of the GLPI system for handling requests and incidents, related to the disclosure of confidential information to unauthorized individuals, allows a violator to disclose confidential data.
The vulnerability of the GLPI system for handling requests and incidents involves the disclosure of confidential information to unauthorized individuals. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose confidential data...
The vulnerability of the tls_new_ciphertext() function in the src/net/tls.c file of the iPXE network loading standard’s Preboot Execution Environment implementation, which allows a hacker to disclose confidential information
The vulnerability of the tlsnewciphertext function in the src/net/tls.c file of the iPXE network loading standard implementation allows for unauthorized access. Exploiting this vulnerability could enable a malicious actor to disclose confidential information by manipulating the padlen argument...
The vulnerability of the Ghost content management system, related to inconsistencies in responses to incoming requests, allows a hacker to disclose confidential information.
The vulnerability of the Ghost content management system is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability allows a malicious actor to disclose confidential information through a specially crafted HTTP request...
CVE-2022-34458
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the...
CVE-2022-34458
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the...
CVE-2022-32285
A vulnerability has been identified in Mendix SAML Module Mendix 7 compatible All versions V1.16.6, Mendix SAML Module Mendix 8 compatible All versions V2.2.2, Mendix SAML Module Mendix 9 compatible All versions V3.2.3. The affected module is vulnerable to XML External Entity XXE attacks due to...
Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability CVE-2021-0186, CVSS score: 8.2 was discovered by a group of academics from...