189 matches found
CVE-2025-3649
The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks...
Security Bulletin: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. (CVE-2021-29825)
Summary IBM® Db2® could disclose sensitive information when using ADMINCMD with LOAD or BACKUP. Note: In addition to applying Special Build, registry variable DB2LOADRESTRICTEDIOPATH needs to be set to USEEXTBLLOCATION 11.1 or later, or one or more semi-colon separated paths. When using...
Brave Desktop 1.77.95 Security Fixes
Updated brave://downloads to always display the download URL as reported on HackerOne by cj27. - Prevent extensions from injecting content scripts on https://account.brave.com as reported on HackerOne by newfunction. Upgraded Chromium to 135.0.7049.52 — refer to Google Chrome advisories for...
Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs. (CVE-2024-43176)
Summary A vulnerability caused by improper authorization checks could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. Vulnerability Details CVEID:CVE-2024-43176 DESCRIPTION: IBM OpenPages could allow an...
Security Bulletin: IBM® Db2® is vulnerable to denial of service under specific conditions (CVE-2024-45663)
Summary IBM® Db2® is vulnerable to denial of service as the server may crash under certain conditions with a specially crafted query. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the...
GHSA-6784-9C82-VR85 Injection of arbitrary HTML/JavaScript code through the media download URL
Impact This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting XSS issue, which could potentially allow attackers to steal sensitive...
CVE-2024-47617
Sulu CMS is affected by a Reflected XSS in the media download URL via the SuluMediaBundle. The issue stems from how the slug parameter is handled in the MediaStreamController downloadAction, allowing injection of arbitrary HTML/JavaScript. Affected versions include 2.6.4/2.5.20 (prior to fixes). ...
CVE-2024-47617 Reflected XSS Vulnerability in Sulu Media Bundle
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting XSS issue, which could potentially...
CVE-2024-47617 Reflected XSS Vulnerability in Sulu Media Bundle
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting XSS issue, which could potentially...
Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs. (CVE-2024-35151)
Summary A vulnerability caused by improper authorization checks could allow authenticated users access to sensitive information through APIs. Vulnerability Details CVEID:CVE-2024-35151 DESCRIPTION: IBM OpenPages with Watson could allow authenticated users access to sensitive information through...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a statement is run on columnar tables under specific conditions (CVE-2023-50308)
Summary IBM® Db2® under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. Vulnerability Details CVEID:CVE-2023-50308 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server under...
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service with a specially crafted query under certain conditions (CVE-2024-35136)
Summary IBM® Db2® federated server is vulnerable to a denial of service with a specially crafted query under certain conditions. Vulnerability Details CVEID:CVE-2024-35136 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server federated server is vulnerable to denial of...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when querying certain tables using a specially crafted statement (CVE-2024-35152)
Summary IBM® Db2® is vulnerable to a denial of service when querying certain tables using a specially crafted statement. Vulnerability Details CVEID:CVE-2024-35152 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment (CVE-2024-31882)
Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment. Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables. (CVE-2024-31881)
Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. Vulnerability Details CVEID:CVE-2024-31881 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted statement. (CVE-2024-31880)
Summary IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details CVEID:CVE-2024-31880 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect...
CVE-2024-4537
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket...
CVE-2024-4537 IDOR vulnerability in Janto Ticketing Software
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket...
CVE-2024-4537
CVE-2024-4537 describes an IDOR vulnerability in Janto Ticketing Software version 4.3r10. The issue could allow a remote attacker to obtain another user’s download URL to access purchased tickets, indicating a potential confidentiality impact. Server-side access control appears insufficient to pr...
CVE-2024-4537 IDOR vulnerability in Janto Ticketing Software
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket...