73 matches found
Horilla 跨站脚本漏洞
Horilla is a free and open source human resources software from Horilla, Inc. A cross-site scripting vulnerability exists in Horilla version 1.3.0, which stems from multiple fields in the Project and Task modules not being properly cleared for user input, and could lead to a stored cross-site...
CVE-2023-53387
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling flow, the host will send a device management cmd NOP OUT to the device for link recovery. If this cmd times out and clearing the doorbell fails,...
Linux Distros Unpatched Vulnerability : CVE-2025-5351
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into...
CVE-2023-47799
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...
CVE-2023-47799
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...
Mahara 安全漏洞
Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions prior to 22.10.4 and 23.x versions prior to 23.04.4 that stems from the HTML bulk export feature not clearing the cache, which could lead to information disclosu...
CVE-2023-47799
Mahara is affected by an information-disclosure vulnerability in the HTML bulk export feature, where exported files may leak images from other accounts because the per-account cache is not cleared. Affected: Mahara < 22.10.4 and Mahara 23.x
CVE-2023-47799
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...
PT-2025-34608 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions prior to 22.10.4 Mahara versions 23.x prior to 23.04.4 Description: Mahara is susceptible to information disclosure when the experimental HTML bulk export feature is utilized through the administration interface or command-lin...
CVE-2023-47799
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...
Linux Distros Unpatched Vulnerability : CVE-2025-38149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: phy: clear phydev-devlink when the link is deleted There is a potential crash issue whe...
CVE-2024-24915 - Potential vulnerability in SmartConsole where an administrator's credentials may be exposed to users with debugging privileges on the administrator's computer
Symptoms - Credentials are not cleared from memory after being used. A user with Administrator permissions can execute a memory dump for the SmartConsole process and fetch them. - This issue received the ID CVE-2024-24915. Solution This problem was fixed. The fix is included starting from: R82...
GNU GRUB 访问控制错误漏洞
GNU GRUB is a Linux system boot program from the GNU community. An Access Control Error vulnerability exists in GNU GRUB, which stems from GRUB not clearing the key in memory during automatic TPM decryption, and can be exploited by an attacker to obtain unencrypted data...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to clear flags when userdlmdestroylock fails, which could lead to reuse after release...
Improper Authentication
Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Improper Authentication due to improper clearing of cookies through the handlehttp function of the air.py component. An attacker can gain unauthorized access to th...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the wdev-cqmconfig pointer not being cleared after release...
AZL-49191 CVE-2024-46673 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure aacprobeone calls hardware-specific init functions through the aacdriverident::init pointer, all of which eventually call down to aacinitadapter. If aacinitadapter fails after...
WordPress plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin PayPal Pay Now, Buy Now, Donation...
Contao 代码问题漏洞
Contao is an open source content management system CMS developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao versions prior to 4.13.40, which stems from a token not being cleared after a password change on the front...
PT-2023-28197 · Gallagher · Gallagher Controller 6000
Name of the Vulnerable Software and Affected Versions: Gallagher Controller 6000 versions 8.60 or earlier Gallagher Controller 6000 versions 8.70 prior to vCR8.70.231204a Description: Sensitive information is not properly cleared after a debug or power state transition in the Controller 6000. Thi...