14 matches found
CVE-2023-53920
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface podcastdetails.php. Malicious JavaScript payloads injected into the podcast title execute when users visit the application's home page...
CVE-2023-53920 PodcastGenerator Stored Cross-Site Scripting via Podcast Title Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface podcastdetails.php. Malicious JavaScript payloads injected into the podcast title execute when users visit the application's home page...
CVE-2023-53920
CVE-2023-53920 concerns PodcastGenerator 3.2.9, with a stored cross-site scripting (XSS) vulnerability in the podcast title field exposed via the podcast_details.php interface. The malicious payloads injected into the podcast title can execute when users visit the application’s home page, indicat...
PT-2025-51958
Name of the Vulnerable Software and Affected Versions: PodcastGenerator version 3.2.9. Description: PodcastGenerator version 3.2.9 has a stored cross-site scripting issue in the podcast title field. This flaw is accessible through the podcast details interface, specifically the podcast details.php...
VulnCheck KEV: CVE-2025-55190
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...
Sensitive Information Disclosure
github.com/argoproj/argo-cd is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the project details API returning stored repository usernames and passwords in its response, and an attacker with a token scoped only for standard application management can call that endpoi...
GitLab CE and EE security vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability in GitLab CE and EE versions from 15.1 before 18.1.6, 18.2...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the project details API endpoint. An attacker can access sensitive repository credentials by using API tokens with project-level or project get permissions,...
CVE-2025-55190
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...
CVE-2025-55190 Argo CD: Project API Token Exposes Repository Credentials
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...
OrangeHRM input validation error vulnerability
OrangeHRM is a human resource management (HRM) system from OrangeHRM, Inc. The system supports personnel information management, leave management, attendance management, recruitment management, etc. OrangeHRM version 4.10 has an input validation error vulnerability, which stems from vulnerabilit...
OrangeHRM input validation error vulnerability
OrangeHRM is a human resource management (HRM) system from OrangeHRM, Inc. The system supports personnel information management, leave management, attendance management, recruitment management, etc. OrangeHRM version 4.10 has an input validation error vulnerability, which stems from vulnerabilit...
CVE-2020-19676
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...
Information disclosure
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in...