Cisco Customer Collaboration Platform 信息泄露漏洞

Cisco Customer Collaboration Platform Cisco CCP is a customer collaboration platform from Cisco USA. Cisco Customer Collaboration Platform suffers from an information disclosure vulnerability that stems from the application's inadequate protection of sensitive information, which can be exploited ...

The vulnerability of the IBM Guardium Data Protection platform regarding data security protection, related to deficiencies in the authentication mechanism, allows attackers to disclose the protected information.

The vulnerability of the IBM Guardium Data Protection platform relates to deficiencies in its authentication mechanism. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

The vulnerability of the IBM Guardium Data Protection platform regarding data security, related to the leakage of information in error messages, allows attackers to disclose protected information.

The vulnerability of the IBM Guardium Data Protection platform relates to the leakage of information in error messages. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

The vulnerability of the Git Utilities module for Drupal CMS systems lies in the insufficient protection of operational data, allowing attackers to gain access to read, modify, or delete data, or execute arbitrary code.

The vulnerability of the Git Utilities module for Drupal CMS systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, or delete data, or execute arbitrary code...

The vulnerability of the microprogramming software of Schneider Electric’s programmable logic controller Modicon M340 and its network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H lies in the insufficient protection of operational data. This allows unauthorized access by intruders to read, modify, or delete data, or to cause malfunctions in the system.

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 programmable logic controller, as well as the network modules BMXNOE0100, BMXNOE0110, and BMXNOR0200H, is related to insufficient protection for operational data. Exploiting this vulnerability can allow an...

The vulnerability of the OneDev collaborative development platform, related to insufficient protection of service data, allows a hacker to read arbitrary files.

The vulnerability of the OneDev collaborative development platform is related to insufficient protection for service data. Exploiting this vulnerability allows a remote attacker to read arbitrary files...

The vulnerability of the SolidWall WAF, related to insufficient protection of service data, allows attackers to gain unauthorized access to the protected information.

The vulnerability of the SolidWall WAF lies in the insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the IBM Guardium Data Protection platform regarding data security protection, which stems from improper encoding or hiding of output data, allows attackers to load arbitrary files.

The vulnerability of the IBM Guardium Data Protection platform regarding data security protection is related to improper encoding or hiding of output data. Exploiting this vulnerability allows a malicious actor to remotely upload arbitrary files...

The vulnerability of the BFCache technology used by Google Chrome and Microsoft Edge browsers allows a hacker to gain unauthorized access to protected information.

The vulnerability of the BFCache technology used by Google Chrome and Microsoft Edge is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

The vulnerability of Intel microprogramming software, related to insufficient protection of system data, allows attackers to gain unauthorized access to protected information.

The vulnerability of Intel microprogramming software is related to insufficient protection of system data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

Hewlett Packard Enterprise StoreOnce 命令注入漏洞

Hewlett Packard Enterprise StoreOnce is a cloud backup data protection system from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise StoreOnce that stems from a command injection that could lead to remote code execution...

The vulnerability of the platform for managing and monitoring Vynamic View terminals lies in the insufficient protection of operational data, which allows attackers to disclose the protected information.

The vulnerability of the platform for managing and monitoring Vynamic View terminals is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker to disclose the protected information...

The vulnerability of the virtio-scsi, virtio-blk, and virtio-crypt components of the QEMU hardware emulation driver’s virtqueue_push() function allows a attacker to disclose sensitive information.

The vulnerability of the virtio-scsi, virtio-blk, and virtio-crypt components of the QEMU hardware emulation driver’s virtqueuepush function is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker to disclose protected information through the...

The vulnerability of the Shamir’s secret platform implementation for archiving corporate information, HashiCorp Vault and Vault Enterprise, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Shamir’s secret platform implementation for archiving corporate information, both HashiCorp Vault and Vault Enterprise, is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to the...

DRUPAL-CONTRIB-2025-072

This module addresses the General Data Protection Regulation GDPR and the EU Directive on Privacy and Electronic Communications. The module doesn't sufficiently verify whether "disabled JavaScript" entries are valid or correspond to actual scripts on the page. As a result, an attacker could injec...

CVE-2024-47056 Mautic does not shield .env files from web traffic

SummaryThis advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system...

IBM Security Guardium 安全漏洞

IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an information disclosur...

IBM Security Guardium 安全漏洞

IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an information disclosur...

Drupal EU Cookie Compliance (GDPR Compliance) module < 1.26.0 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module EU Cookie Compliance GDPR Compliance versions 1.26.0...

The vulnerability of the include() function in Twig template rendering handlers allows attackers to circumvent existing security restrictions.

The vulnerability of the include function in Twig template rendering engines is related to a breach of data protection mechanisms. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions remotely...