12961 matches found
EUVD-2025-206876
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...
CVE-2025-68621 Trilium Notes has a Timing Attack Vulnerability in /api/login/sync
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...
PT-2026-6798
Name of the Vulnerable Software and Affected Versions Trilium Notes versions prior to 0.101.0 Description Trilium Notes is a cross-platform note taking application. A timing attack in the sync authentication endpoint allows unauthenticated remote attackers to recover HMAC authentication hashes...
Trilium Notes 安全漏洞
Trilium Notes is a hierarchical note-taking application developed by Zadam, the individual developer of this project. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.101.0 contained security vulnerabilities. These vulnerabilities stemmed from critical...
diskpulse-poc
diskpulse-poc Exploit for OSED prep on DiskPulse Enter...
Medium: golang-github-cpuguy83-go-md2man
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: golist
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
GHSA-H3Q6-JFRG-3X6Q survey-pdf Upgraded jsPDF Version Due to Security Vulnerability
The following security vulnerability was identified in jsPDF versions = 4.0.0 and included the fix in the following survey-pdf releases: v1.12.59 v2.5.5 Action Users should upgrade survey-pdf in their projects to v1.12.59+ or v2.5.5+ immediately. Notes No other survey-pdf dependencies are affecte...
PT-2026-6263
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.9 n8n versions prior to 2.2.1 Description n8n is a workflow automation platform. A Cross-Site Scripting XSS issue existed in a markdown rendering component within the n8n interface, affecting areas that support...
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.8.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions = 5.8.0...
WordPress plugin Mail Mint 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2020-37005
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...
CVE-2020-37005
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...
CVE-2020-37005 TimeClock Software 1.01 Authenticated Time-Based SQL Injection
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...
CVE-2020-37005
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...
CVE-2020-37005
Summary: CVE-2020-37005 affects TimeClock Software 1.01 and is described as an authenticated time-based SQL injection. The flaw resides in the add_entry.php endpoint, where an attacker can manipulate the notes parameter to induce conditional time delays and determine valid usernames by measuring ...
CVE-2025-54373
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has...
CVE-2026-24836
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...
TimeClock SQL injection vulnerability
TimeClock is a time management software developed by TimeClock Corporation. Version 1.01 of TimeClock contains a SQL injection vulnerability. This vulnerability stems from the notes parameter in the addentry.php endpoint, which allows for time-based SQL injections, potentially enabling enumeratio...
PT-2026-5280
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add entry.php endpoint to determine user existence by measuring...