1366 matches found
CVE-2026-22814
@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state...
CVE-2023-40827
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter...
CVE-2021-31448
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2022-37351
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2022-37368
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2019-20786
handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion...
CVE-2020-10581
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management ADM through 5.0 allow remote attackers to read potentially sensitive data hosted by the application...
CVE-2025-61916
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...
Malicious code in auto-backup-wsl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a2df4191bfbdaa28acd42677c912064639ef3b278179beee064cd83fb5b0e11e Package performs a "backup" of files to a remote location. This functionality is clearly described, but the user has no control over the remote location where...
Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Impact The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into Spinnaker pipelines via helm or other methods to extract things LIKE idmsv1 authentication data. This ALSO includes calling INTERNAL Spinnaker API's via a get and similar endpoints...
CVE-2025-61916
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...
CVE-2025-61916 Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...
CVE-2025-61916 Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines vi...
CVE-2025-9110
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the followin...
CVE-2025-9110
CVE-2025-9110 affects QNAP QTS and QuTS hero where an exposure of sensitive system information to an unauthorized control sphere allows remote reading of application data. Affected versions include QTS 5.2.8.3332 build 20251128 and later, QuTS hero h5.2.8.3321 build 20251117 and later, and QuTS h...
CVE-2025-9110 QTS, QuTS hero
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the followin...
CVE-2025-9110 QTS, QuTS hero
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the followin...
EUVD-2025-205370
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of servi...
CVE-2025-59683
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of servi...
CVE-2025-59683
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of servi...