1862 matches found
CVE-2018-25142 NovaRad NovaPACS Diagnostics Viewer 8.5 XML External Entity Injection
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity XXE injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack...
CVE-2018-25142 NovaRad NovaPACS Diagnostics Viewer 8.5 XML External Entity Injection
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity XXE injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack...
CVE-2018-25142
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 is affected by an unauthenticated XML External Entity (XXE) injection in XML preference import settings. The root cause is an XXE vulnerability that allows crafted XML files with DTD parameter entities to retrieve arbitrary system files via an out-of-...
NovaRad NovaPACS Diagnostics Viewer 安全漏洞
NovaRad NovaPACS Diagnostics Viewer is a medical imaging diagnostics viewer from NovaRad Philippines. A security vulnerability exists in NovaRad NovaPACS Diagnostics Viewer version 8.5.19.75, which stems from an XML preferences import that has XML external entity injection, which could lead to...
Docker Desktop < 4.54.0 Sensitive Data Leakage
The version of Docker Desktop is prior to 4.54.0. It is therefore affected by a data leakage vulnerability. Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty and are affected by cross-site scripting.
Summary The security issue described in CVE-2025-12635 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
CVE-2025-13743
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-42878
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...
EUVD-2025-202325
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743 Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743
Docker Desktop
EUVD-2025-201849
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...
CVE-2025-42878
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...
CVE-2025-42878 Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...
CVE-2025-42878 Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...
PT-2025-50250
Name of the Vulnerable Software and Affected Versions Docker Desktop affected versions not specified Description Docker Desktop diagnostics bundles include expired Hub PATs Personal Access Tokens in log output because of error object serialization. This can lead to the leakage of sensitive...
PT-2025-49768
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability...
📄 Microsoft Windows 11 Build 10.0.22631.6199 Advanced Admin Protection Bypass
This enhanced proof of concept exploit demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privileg...