173 matches found
Security Bulletin: IBM InfoSphere Information Server is vulnerable to sensitive information disclosure (CVE-2025-25045)
Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-25045 DESCRIPTION: IBM InfoSphere Information Server authenticated user to obtain sensitive information when a detailed technical error message is...
HP OfficeJet Pro Printers Denial of Service (CVE-2023-4694)
Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2025-53650
Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log...
CVE-2025-7362 MsUpload: Stored Cross-Site Scripting (XSS) via unsanitized msu-continue system message
The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload...
CVE-2025-27051
Memory corruption while processing command message in WLAN Host...
PT-2025-27013 · Unknown · Infinispan Cli
Name of the Vulnerable Software and Affected Versions: Infinispan CLI affected versions not specified Description: A flaw was found in Infinispan CLI where a sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext. This password is included in a command stri...
CVE-2025-6401 TOTOLINK N300RH HTTP POST Message formFilter denial of service
A vulnerability was found in TOTOLINK N300RH 6.1c.1390B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been...
PT-2025-26316 · Coros · Coros Pace 3
Name of the Vulnerable Software and Affected Versions: COROS PACE 3 versions 3.0808.0 and earlier Description: The issue is caused by a NULL pointer dereference vulnerability. Sending a crafted BLE message can force the device to reboot. Recommendations: For COROS PACE 3 versions 3.0808.0 and...
CVE-2025-48705
An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot...
CVE-2024-28120
codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus...
CVE-2024-47248
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to...
CVE-2023-45137
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12...
CVE-2022-4770
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report .prpt...
CVE-2020-1444
A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'...
CVE-2013-1152
Cisco Adaptive Security Appliances ASA devices with software 9.0 before 9.01.2 allow remote attackers to cause a denial of service device reload via a crafted field in a DNS message, aka Bug ID CSCuc80080...
CVE-2013-1149
Cisco Adaptive Security Appliances ASA devices with software 7.x before 7.25.10, 8.0 before 8.05.28, 8.1 and 8.2 before 8.25.35, 8.3 before 8.32.34, 8.4 before 8.44.11, 8.6 before 8.61.10, and 8.7 before 8.71.3, and Cisco Firewall Services Module FWSM software 3.1 and 3.2 before 3.224.1 and 4.0 a...
CVE-2013-3671
The formatline function in log.c in libavutil in FFmpeg before 1.2.1 uses inapplicable offset data during a certain category calculation, which allows remote attackers to cause a denial of service invalid pointer dereference and application crash via crafted data that triggers a log message...
CVE-2025-0049 Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0
When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0...
GoBGP does not verify that the input length
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message...
CVE-2025-43973
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message...