9 matches found
CVE-2025-31982
HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...
EUVD-2025-209697
HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...
CVE-2025-31982
HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804-POC 🕷️ Bitbucket CVE-2022-36804 unauthenticated...
HyperKitty 信息泄露漏洞
An information disclosure vulnerability exists in HyperKitty version 1.3.4 and prior versions that stems from when importing archives of private mailing lists that are publicly visible during the import...
Denial of service
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly...
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
lzma/7z_fuzzer: Use-of-uninitialized-value in CrcUpdateT8
Detailed report: https://oss-fuzz.com/testcase?key=5695345578737664 Project: lzma Fuzzer: libFuzzerlzma7zfuzzer Fuzz target binary: 7zfuzzer Job Type: libfuzzermsanlzma Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: CrcUpdateT8 CrcCalc SzArExExtract Sanitize...
On error at /rest/ stack-trace is publicly visible
h3. Summary On Confluence server 6.12.2 requesting wrong REST URL /rest/cql/contenttypes?category=test we will see full stack-trace. The same we can see at https://confluence.atlassian.com/rest/cql/contenttypes?category=test On production, a regular user should not see the stack-trace when an err...