sunbird-portal security vulnerability
sunbird-portal is an open-source portal developed by Sunbird-ED. Version 1.13.4 of sunbird-portal contains a security vulnerability caused by improper path restrictions, which may lead to path traversal attacks...
WordPress plugin Keenarch code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Blogzee code-related vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
EUVD-2022-39575
Malicious code in bioql PyPI...
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to fingerprint the user due to improper access restrictions to the file system...
WordPress plugin Litho path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
A vulnerability in the IBM Cognos Analytics online business analytics service, related to improper restriction of XML external entity references, allows attackers to disclose protected information or exploit memory resources.
The vulnerability in the IBM Cognos Analytics online business analytics service is related to improper restriction of XML external entity references. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information or access memory resources...
Cisco Unified CCX path traversal vulnerability
Cisco Unified CCX is a contact center software from Cisco. A path traversal vulnerability exists in Cisco Unified CCX that stems from improperly restricted path traversal and could lead to the execution of arbitrary code...
CVE-2024-55896
IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system...
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to fingerprint the user due to improper access restrictions to the file system...
CVE-2025-1864 Buffer Overflow and Potential Code Execution in Radare2
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers. This issue affects radare2: before 5.9.9...
A vulnerability in the functionality of the Kotlin HTTP application library http4k, related to improper restriction of XML external entity references, allows attackers to perform XXE attacks.
The vulnerability in the Kotlin HTTP application toolset http4k is related to improper restriction of XML external entity references. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
CVE-2024-55896 IBM PowerHA SystemMirror for i clickjacking
IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system...
WordPress plugin Droip path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversa...
Microsoft GroupMe security vulnerability
Microsoft GroupMe is a confidential group text messaging service from Microsoft USA. Users can group chat and manage text messages via SMS or client on their cell phones. A security vulnerability exists in Microsoft GroupMe that stems from improper restrictions on excessive authentication attempt...
Prototype Pollution
getsetprop is vulnerable to prototype pollution. The vulnerability is due to improper restrictions on __proto__ or constructor.prototype properties, which allows an attacker to manipulate application logic, potentially leading to denial of service, remote code execution...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service (CVE-2024-28760)
Summary: IBM App Connect Enterprise Dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-28760 DESCRIPTION: IBM App Connect Enterprise dashboa...
Local File Inclusion (LFI)
zmarkdown is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper restrictions of image paths within LaTeX documents. This allowed an attacker to specify a local file path, e.g., /tmp/img.png, in the image markdown syntax, which leads to Local File Inclusion (LFI), resulting i...
CVE-2023-6109 YOP Poll <= 6.5.26 - Race Condition to Vote Manipulation
The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to on...
A vulnerability in the Node.js software platform, related to improper restriction of path names to restricted directories, allows attackers to gain access to confidential information.
The vulnerability in the Node.js software platform is related to improper restriction of path names to restricted directories. Exploiting this vulnerability could allow an attacker to gain access to confidential information...