Lucene search
K

19 matches found

PyPA
PyPA
added 2026/05/11 4:17 p.m.39 views

PYSEC-2026-147

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

Gogs 安全漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to Gogs version 0.14.2, there was a security vulnerability. This...

6.9CVSS7.2AI score0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/10 3:56 p.m.19 views

CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors

XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...

5.3CVSS6.8AI score0.03417EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.6 views

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from a REST API that exposes the history of any page in XWiki whose name is known to an attacker, leading to information disclosu...

5.3CVSS6.2AI score0.03417EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.6 views

JFrog 安全漏洞

JFrog is an application from JFrog, Inc. that provides an end-to-end pipeline to control the flow of binaries from build to production. A security vulnerability exists in JFrog. An attacker exploiting this vulnerability could disclose any user's terminal server command history...

5.3CVSS6.5AI score0.00595EPSS
Exploits1References2
Hacker One
Hacker One
added 2022/05/31 3:31 p.m.16 views

LinkedIn: Campaign Account Balance and History Disclosed in API Response

During the security assessment of the application, it has been observed that server-side authorization checks are not implemented on the 'GET /campaign-manager-api/campaignManagerAccounts/:campaignId/accountCredits?q=account' HTTP request. As a result, an attacker can fetch the campaign wallet...

1AI score
Exploits0
AlpineLinux
AlpineLinux
added 2021/08/24 6:49 p.m.36 views

CVE-2021-30884

The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history...

4.7CVSS5.9AI score0.01114EPSS
Exploits0
Cvelist
Cvelist
added 2019/12/18 5:33 p.m.27 views

CVE-2019-8769

An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history...

5.2AI score0.01241EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/11/06 12:0 a.m.59 views

Debian DSA-4558-1 : webkit2gtk - security update

Several vulnerabilities have been discovered in the webkit2gtk web engine : - CVE-2019-8625 Sergei Glazunov discovered that maliciously crafted web content may lead to universal cross site scripting. - CVE-2019-8720 Wen Xu discovered that maliciously crafted web content may lead to arbitrary code...

8.8CVSS6.5AI score0.01543EPSS
Exploits0References11
CNVD
CNVD
added 2019/10/21 12:0 a.m.2 views

Apple macOS Catalina WebKit Component Logic Flaw Vulnerability

Apple macOS Catalina is a proprietary operating system developed by Apple for Mac computers.WebKit is one of the components of the Web browser engine. A security vulnerability exists in the drawing of Web page elements in the WebKit component of Apple macOS Catalina prior to version 10.15. The...

4.3CVSS6.4AI score0.01241EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/04/17 2:46 p.m.76 views

TomTom: Exposed Git Repo at http://betaforum.tomtom.com/.git/{subfolders}

Dear Security team, I found a git repository on http://betaforum.tomtom.com/.git. This endpoint allows an attacker to retrieve much of the source code and git history for this service which could potentially reveal sensitive information, it all depends what is stored there. Example: 1...

0.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/12/15 12:0 a.m.42 views

Apple iTunes < 12.3.2 Multiple Vulnerabilities (uncredentialed check)

The version of Apple iTunes running on the remote Windows host is prior to 12.3.2. It is, therefore, affected by multiple vulnerabilities in the WebKit component : - Multiple memory corruption issues exists that an attacker can exploit to cause a denial of service or execute arbitrary code...

6.8CVSS8.1AI score0.02795EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2015/09/09 12:0 a.m.25 views

Scientific Linux Security Update : subversion on SL7.x x86_64 (20150908)

An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server both svnserve and httpd with the moddavsvn module to crash. CVE-2015-0248 It was found that the...

5CVSS7AI score0.12841EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/09/08 1:9 p.m.10 views

subversion: svn_repos_trace_node_locations() reveals paths hidden by authz

It was found that when an SVN server both svnserve and httpd with the moddavsvn module searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable for example, if it had been moved...

4CVSS7.3AI score0.06464EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/09/08 1:9 p.m.45 views

Moderate: Red Hat Security Advisory: subversion security update

Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

5CVSS6.8AI score0.12841EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2015/08/18 12:0 a.m.30 views

Scientific Linux Security Update : subversion on SL6.x i386/x86_64 (20150817)

An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server both svnserve and httpd with the moddavsvn module to crash. CVE-2015-0248 It was found that the...

5CVSS7AI score0.12841EPSS
Exploits0References4
CNVD
CNVD
added 2015/04/09 12:0 a.m.4 views

Apple iOS Safari History Disclosure Vulnerability (CNVD-2015-02331)

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS Safari fails to properly clear recently closed tabs when clearing history, allowing attackers to exploit the vulnerability to obtain sensitive information...

5CVSS6.4AI score0.01487EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2009/11/02 12:0 a.m.42 views

Mozilla Firefox Multiple Vulnerabilities Nov-09 (Windows)

This host is installed with Mozilla Firefox browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbfirefoxmultvulnnov09win.nasl 4865 2016-12-28 16:16:43Z teissa $ Mozilla Firefox Multiple Vulnerabilities Nov-09 Windows Authors: Sharath S Copyright: Copyright c 2009...

10CVSS1.1AI score0.28167EPSS
Exploits50References8
Exploit DB
Exploit DB
added 2003/02/04 12:0 a.m.27 views

Opera 7.0 - Error Message History Disclosure

source: https://www.securityfocus.com/bid/6759/info It has been reported that Opera fails to ensure that a remote site has proper authorization before executing some methods used to access error messages stored in the Opera console. This issue is further exacerbated by the fact that error message...

7.4AI score
Exploits0
Rows per page
Query Builder