7 matches found
SUSE CVE-2025-54376
Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly's admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...
CVE-2024-53359
An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request...
Devolutions Server security vulnerability
Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.13 and prior versions, which stems from improper access control in the Temporary...
CVE-2025-1259
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available...
SUSE CVE-2013-2071
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...
IssabelPbx cross-site scripting vulnerability
IssabelPbx is an open source GUI (graphical user interface) from the Issabel Foundation. It is used to control and manage Asterisk PBX. Issabel issabelPBX suffers from a cross-site scripting vulnerability that originates in the file page.backuprestore.php, where the exit function will terminate the...
CVE-2020-28917
An issue was discovered in the viewstatistics aka View frontend statistics extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data e.g., cleartext passwords if ext:felogin is...