14 matches found
CVE-2026-0267
CVE-2026-0267 affects the Palo Alto Networks GlobalProtect app on macOS. It is described as an information exposure vulnerability where a local user can learn the passcodes used to disable, disconnect, or uninstall the app, enabling those actions despite configuration restrictions. The provided d...
Palo Alto Networks GlobalProtect app 日志信息泄露漏洞
The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app for macOS has a vulnerability related to log information leakage. This vulnerability allows local users to obtain the configuration passwords necessary to disable,...
PT-2026-48528
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...
PT-2025-36044
Name of the Vulnerable Software and Affected Versions: ContentProtectionTogglePreferenceController.java affected versions not specified Description: A logic error in the updateState function within ContentProtectionTogglePreferenceController.java may allow a secondary user to disable the deceptiv...
Palo Alto Networks GlobalProtect app 安全漏洞
Palo Alto Networks GlobalProtect app is a network protection software from Palo Alto Networks. A security vulnerability exists in the Palo Alto Networks GlobalProtect app, which stems from an improperly assigned privilege that could result in a locally authenticated non-administrative user...
CVE-2023-23943
Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is...
CVE-2024-23835
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the...
Code injection
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clickin...
Self XSS when pasting HTML into Text app with Ctrl+Shift+V
None...
SUSE CVE-2023-45150
Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended th...
Contacts - PHOTO svg only sanitized if mime type is all lower case
None...
SUSE CVE-2023-23943
Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Maill app is...
PT-2022-6377 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud mail versions prior to 1.15.0 Nextcloud mail versions prior to 2.2.2 Description: The issue is related to insufficient validation of incoming requests in the Nextcloud mail client, allowing a remote attacker to scan internal service...
CVE-2022-3082
The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example...