17 matches found
Docmost Authorization Issue Vulnerability
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.70.0 to 0.70.2 have a vulnerability related to authorization issues. This vulnerability stems from an authorization bypass issue, allowing unauthorized users to enumerate and...
Odysseus: Jailbreaking Commercial Multimodal LLM-Integrated Systems Via Dual Steganography
By integrating language understanding with perceptual modalities such as images, multimodal large language models (MLLMs) constitute a critical substrate for modern AI systems, particularly intelligent agents operating in open and interactive environments. However, their increasing accessibility al...
PT-2025-30111 · WordPress · Temporarily Hidden Content
Name of the Vulnerable Software and Affected Versions: Temporarily Hidden Content plugin for WordPress versions up to and including 1.0.6. Description: The Temporarily Hidden Content plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s temphc-start shortcode...
WordPress plugin Temporarily Hidden Content Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
CVE-2024-52269
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276. This issue affects DocuSign: through 2024-12-04...
CVE-2023-2181
An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI...
VulnCheck KEV: CVE-2024-52269
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276. This issue affects DocuSign: through 2024-12-04...
CVE-2024-52269
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276. This issue affects DocuSign: through 2024-12-04...
CVE-2024-52269 AI Assistant PDF Document Spoofing in DocuSign
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276. This issue affects DocuSign: through 2024-12-04...
CVE-2024-52269
The CVE-2024-52269 entry (and related CVE-2024-52276) concerns DocuSign UI where hidden content rendered after signing can be misrepresented, enabling content spoofing. Technical details in connected sources show the issue affects DocuSign up to 2024-12-04 and involves a misrendering of layered c...
CVE-2024-52269 AI Assistant PDF Document Spoofing in DocuSign
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276. This issue affects DocuSign: through 2024-12-04...
HackerOne: Searching from Hacktivity returns hits for words in limited disclosure reports that are not visible
Summary: It appears I'm able to discover words used in limited disclosed reports, that are not publicly visible, by using the search function available from the Hacktivity page. Description: Recently I was investigating a finding for another program which involved exploiting XSS ████. I wondered h...
CVE-2015-5490
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors...
Design/Logic Flaw
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors...
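Discuz: a privilege bypass allows forced replies to threads the user has no permission for
Brief description: Users who are not in the permitted user groups can also reply and obtain the hidden content. Details: First register an account and pick any VIP tutorial thread. Next, we inspect the element, find this piece of code, then modify it and reply. Then we click reply again, and we can obtain the content that only specific user groups are allowed to reply to and that is hidden until a reply is posted. Proof of vulnerability: https://images.seebug.org/upload/201505/18193006d7af9bcc20...
Discuz! X2: "reply visible to author only" is not strictly enforced
Brief description: In Discuz! X2, when a thread is posted with replies visible to the author only, ordinary members can bypass this mechanism and obtain part of the hidden content. Details: While the thread is open, the three parameters fid, tid and repposet can be obtained from the post's floor; by submitting the URL manually, the quoted reply can be retrieved, and the quoted reply contains part of the blocked (author-only) content. Proof of vulnerability: The assembled URL...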
Hidden pages' content can be viewed without permission using copypage.action
If the id of a page is known by a user, that user can view the content of the page without having permissions to the space it is in. They need only construct the right URL. E.g.: Two spaces, A and B. Page with id 1 is in Space A. User cannot see Space A. User can see Space B. The following URL will allo...