Plugin Telemetry

Provide telemetry on plugin runs. No source data...

PT-2025-2938 · Teradata · Teradata Vantage Editor

Name of the Vulnerable Software and Affected Versions: Teradata Vantage Editor version 1.0.1 Description: The issue concerns unintended functionality in the software, including the presence of Chromium Developer Tools, which can allow a client user to access arbitrary remote websites. This can...

CVE-2025-0473 Incomplete Cleanup vulnerability in PMB platform

Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimportauthorities’ endpoint. When a file is uploaded via this...

CVE-2025-0473

CVE-2025-0473 describes a vulnerability in PMB platform where the file upload at /pmb/authorities/import/iimport_authorities creates a temporary file that is deleted after a POST to the same endpoint, but an attacker can trap the second POST to prevent deletion, causing persistence of temporary f...

CVE-2025-0456

The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve all accounts and passwords...

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02238)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by attackers to cause abnormal functionality...

Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02246)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI have a security vulnerability...

PT-2025-3892 · Netvision Information · Airpass

Name of the Vulnerable Software and Affected Versions: airPASS from NetVision Information affected versions not specified Description: The issue allows unauthenticated remote attackers to access specific administrative functionality, enabling them to retrieve all accounts and passwords. This pose...

PT-2025-5013 · Mailchimp · Import Users To Mailchimp

Name of the Vulnerable Software and Affected Versions: Import Users to MailChimp versions 1.0 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a we...

PT-2025-5002 · Mercadolibre · Mercadolibre Integration

Name of the Vulnerable Software and Affected Versions: MercadoLibre Integration versions 1.1 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

PT-2025-4881 · Unknown · Shockingly Big Ie6 Warning

Name of the Vulnerable Software and Affected Versions: Shockingly Big IE6 Warning versions n/a through 1.6.3 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02245)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI have a security vulnerability...

NorthGrid Proself Installed (Linux)

Binary data northgridproselflinuxinstalled.nbin...

CVE-2025-23074 Special:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed)

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...

CVE-2025-23074 Special:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed)

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...

CVE-2025-23074

CVE-2025-23074 affects the Wikimedia MediaWiki SocialProfile Extension, with an information-disclosure flaw in Special:EditProfile. Versions affected: 1.39.X before 1.39.11, 1.41.X before 1.41.3, and 1.42.X before 1.42.2. Root cause: contents marked as hidden or restricted fields can be exposed t...

CVE-2024-39802

Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer...

CVE-2024-39801

Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer...

CVE-2024-39794

Multiple external config control vulnerabilities exist in the nas.cgi setnas proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

Microsoft MapUrlToZone 安全漏洞

Microsoft MapUrlToZone is a lightweight console application written in C++ by Microsoft Corporation USA. A security vulnerability exists in Microsoft MapUrlToZone. An attacker exploiting this vulnerability could bypass certain functionality. The following products and versions are affected:Window...