183 matches found
Silicon Gecko OS 安全漏洞
Silicon Gecko OS is a highly optimized but feature-rich IoT operating system from Silicon, Inc. A security vulnerability exists in Silicon Gecko OS that stems from a missing HTTP GET request data length validation...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS at the /admin/compass endpoint, which passes data from GET requests to the index function. This function can return unsanitized text in error message popups when it receives a file deletion request. As a result,...
WordPress plugin AI Scribe 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-1911 · WordPress · The Ai Scribe
Name of the Vulnerable Software and Affected Versions: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT GPT-4o 128K plugin for WordPress versions up to, and including, 2.3 Description: The issue is related to unauthorize...
UBUNTU-CVE-2024-10240
An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project,...
PT-2024-8870 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.3 through 17.3.7 GitLab EE versions 17.4 through 17.4.4 GitLab EE versions 17.5 through 17.5.2 GitLab CE versions 17.3 through 17.3.7 GitLab CE versions 17.4 through 17.4.4 GitLab CE versions 17.5 through 17.5.2...
Apache Tomcat - information disclosure (CVE-2023-42795 )
When recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next...
CVE-2024-30106
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...
CVE-2024-30106
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...
CVE-2024-30106 HCL Connections is vulnerable to an information disclosure vulnerability
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...
CVE-2024-30106 HCL Connections is vulnerable to an information disclosure vulnerability
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...
CVE-2024-30118
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data...
CVE-2024-30118
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data...
MAL-2024-12269 Malicious code in faest (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f66b290465d72fc55bce4fef4200ebea68c430be84cdcbbabec5263958041781 When using this library to do any request, a "validateorigin" function is called L1320 in client.py. This method, located in utils.py, collects all request dat...
Invision Community Security Breach
Invision Community is a software for designing and developing mobile application UI from Invision USA. A security vulnerability exists in Invision Community versions prior to 4.7.16 that stems from the application failing to properly clean up request parameters, which can be exploited by an...
awesome-web-pocs
Awesome Web PoCs !arXivhttps://img.shields.io/badge/arXiv-...
CVE-2024-35196
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, i...
GHSA-97JM-G33H-F46G silverstripe/framework ReadOnly transformation for formfields exploitable
Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted to through these form fields are not filtered out from the form session data...
DEBIAN-CVE-2024-26995
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pdset Off-by-one errors happen because nrsnkpdo and nrsrcpdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and it...
CVE-2023-42954
A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests...