11 matches found

Github Security Blog
added 2026/04/21 3:20 p.m. | 12 views

OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure

Cross-user wishlist item import via shared wishlist code, leading to private option disclosure and file-disclosure variant. Summary: The shared wishlist add-to-cart endpoint authorizes access with a public sharingcode, but loads the acted-on wishlist item by a separate global wishlistitemid and nev...

CVSS 5.4 | AI score 5.7 | EPSS 0.00176
Exploits 1 | References 5 | Affected Software 1
CNNVD
added 2024/10/11 12:00 a.m. | 3 views

Schneider Electric Data Center Expert Access Control Error Vulnerability

Schneider Electric Data Center Expert is a data monitoring software from Schneider Electric USA. An access control error vulnerability exists in Schneider Electric Data Center Expert version 8.1.1.3 and prior versions, which stems from missing authentication of critical functionality, and could...

CVSS 5.9 | AI score 6.4 | EPSS 0.0054
Exploits 0 | References 2
CNNVD
added 2024/01/31 12:00 a.m. | 3 views

OpenSC Security Vulnerabilities

OpenSC is an open source smart card tool and middleware. A security vulnerability exists in OpenSC. An attacker exploiting the vulnerability could lead to a potential disclosure of private data...

CVSS 5.9 | AI score 6.5 | EPSS 0.01156
Exploits 1 | References 5
Prion
added 2023/03/31 5:15 p.m. | 11 views

Information disclosure

The VTEX email protected GraphQL API module does not properly restrict unauthorized access to private configuration data. email protected is unaffected by this issue...

CVSS 5 | AI score 7.5 | EPSS 0.0053
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/09/09 10:00 p.m. | 15 views

CVE-2021-39203 Private data disclosure/privilege escalation through the block editor in Wordpress

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...

CVSS 6.8 | AI score 6.8 | EPSS 0.00941
Exploits 0 | References 2
ThreatPost
added 2019/12/13 9:45 p.m. | 81 views

GitLab Doles Out Half a Million Bucks to White Hats

GitLab has awarded a total of $565,650 in security bug bounties to 171 researchers who reported valid vulnerabilities in the past year — and has announced the winners of its latest hacking contest. GitLab, which started out as a web-based Git repository manager before moving into the DevOps...

AI score 8.2
Exploits 0 | References 11
Hacker One
added 2019/04/10 3:16 p.m. | 24 views

Nextcloud: Combination of content provider allows private data disclosure

Good afternoon. Sorry, it's me again .. I use NC on a daily basis so I often make some checks .. As per 489105, document thumbnail shall not be disclosed. The exposure on thumbnailCache/ is an already known issue. However, malicious apps are still able to extract at least pictures and text files b...

CVSS 2.1 | AI score 0.4 | EPSS 0.00434
Exploits 1
Veracode
added 2019/02/07 6:18 a.m. | 13 views

Access Control Bypass

slixmpp is vulnerable to access control bypass. The vulnerability exists because the default permissions for persistent storage of private data on a PEP node is not set properly, disclosing private data that have been published to a PEP node to all the contacts of the victim...

CVSS 7.5 | AI score 7.4 | EPSS 0.02323
Exploits 1 | References 6 | Affected Software 1
Tenable Nessus
added 2016/12/16 12:00 a.m. | 13 views

Moodle 2.9.x < 2.9.9 Multiple Vulnerabilities

CVSS 5.3 | AI score 7.3 | EPSS 0.01196
Exploits 0 | References 4
OpenVAS
added 2013/01/07 12:00 a.m. | 28 views

Opera Multiple Vulnerabilities-01 Jan13 (Linux)

The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvuln01jan13lin.nasl 6115 2017-05-12 09:03:25Z teissa $ Opera Multiple Vulnerabilities-01 Jan13 Linux Authors: Antu Sanadi Copyright: Copyright c 2013 Greenbone Networks GmbH,...

CVSS 9.3 | AI score 0.7 | EPSS 0.07794
Exploits 0 | References 4
OpenVAS
added 2013/01/07 12:00 a.m. | 46 views

Opera Multiple Vulnerabilities-01 (Jan 2013) - Linux

Opera is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 | AI score 6.4 | EPSS 0.07794
Exploits 0 | References 6