22 matches found
CVE-2025-61971
Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity...
ssrfcheck Vulnerable to Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs
Summary: ssrfcheck v1.3.0 (latest) fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address (e.g. http://[::ffff:127.0.0.1]/). The WHATWG URL parser built into Node.js silently normalizes the IPv4 notation inside the brackets to...
CVE-2025-14790 IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials...
uTLS Security Vulnerability
uTLS is an open-source Go language codebase developed by Refraction Networking. Versions of uTLS 1.6.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of a TLS 1.3 downgrade protection mechanism, which could lead to connection downgrade attacks...
GHSA-H5FG-JPGR-RV9C Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories
Description: There is a flaw in the hidden file protection feature of Vert.x Web’s StaticHandler when setIncludeHidden(false) is configured. In the current implementation, only files whose final path segment (i.e., the file name) begins with a dot (.) are treated as “hidden” and are blocked from being...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain unauthorized access to protected information and perform cross-site scripting attacks.
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to the lack of protective measures for the website structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the FortiSIEM security management graphical interface lies in the lack of protective measures for the SQL query structure, allowing attackers to disclose protected information.
The vulnerability of the FortiSIEM security management graphical interface is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose the protected information remotely...
The vulnerability of the software for managing and monitoring remote devices in telemetry and telemechanics systems, related to the lack of measures taken to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the web interface of the IBM Sterling B2B Integrator software allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.
The vulnerability of the web interface of the IBM Sterling B2B Integrator software solution relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely and gain unauthorized access to protected...
The vulnerability of Microsoft Copilot Studio’s graphical tool for creating and supporting artificial intelligence, related to the lack of protection for website structure, allows attackers to enhance their privileges.
The vulnerability of the graphical tool for creating and supporting artificial intelligence in Microsoft Copilot Studio relates to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability may allow a malicious actor to enhance their privileges remotely...
The vulnerability of the IBM QRadar SIEM system for event collection and analysis lies in the lack of protection for operational data, which allows attackers to exploit this weakness to disclose protected information.
The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the IBM Aspera Faspex file-sharing application lies in the lack of protection for the transmitted data, allowing a perpetrator to access confidential information.
The vulnerability of the IBM Aspera Faspex file-sharing application lies in the lack of protection for the transmitted data. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, stems from the lack of protective measures for website structures. This allows attackers to carry out Cross-Site Scripting (XSS) attacks.
The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out cross-site scripting (XSS) attacks remotely...
The vulnerability of the Windows CDP component of the Windows operating system allows attackers to disclose sensitive information that is protected by this component.
The vulnerability of the Windows CDP component of the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of microprogramming software in the software-hardware environment for monitoring and security protection of IT infrastructure against physical threats, such as the implementation of NetBotz 4, allows an intruder to execute arbitrary code.
The vulnerability of microprogramming software in programming-and-software-based environments for monitoring and security protection of IT infrastructure arises due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the GraphQL API implementation of the Red Hat Advanced Cluster Security (RHACS) for Kubernetes allows a perpetrator to increase their privileges and gain unauthorized access to protected information.
The vulnerability of the GraphQL API implementation of the Red Hat Advanced Cluster Security (RHACS) for Kubernetes lies in the insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to enhance their privileges and gain unauthorized access to protected...
The vulnerability of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server relates to the lack of protective measures for website structures, allowing attackers to execute cross-site scripting attacks.
The vulnerability of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a speciall...
CVE-2017-18476
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205)...
The vulnerability of the Microsoft SharePoint software package, related to the lack of measures taken to protect the structure of web pages, allows attackers to execute cross-site scripting attacks.
The vulnerability of the Microsoft SharePoint software package is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of Microsoft Exchange Server allows a hacker to inject arbitrary Web or HTML code.
The vulnerability of Microsoft Exchange Server exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code via email or chat clients...