
247 matches found

CNNVD
added 2025/01/25 12:0 a.m. · 2 views

IBM Maximo Application Suite Security Vulnerability

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Maximo Application Suite that stems from allowing...

CVSS 5.3 · AI score 6 · EPSS 0.00283
Exploits: 0 · References: 2
Positive Technologies
added 2025/01/25 12:0 a.m. · 4 views

PT-2025-2432 · Ibm · Ibm Maximo Application Suite

Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite versions 8.10 through 9.0. Description: The issue is related to the Monitor Component of the IBM Maximo Application Suite, which stores source code on the web server. This could aid in further attacks against the...

CVSS 5.3 · AI score 5.3 · EPSS 0.00283
Exploits: 0 · References: 7
NVD
added 2024/12/19 7:15 p.m. · 12 views

CVE-2024-56159

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...

CVSS 7.8 · EPSS 0.0144
Exploits: 1 · References: 4
OSV
added 2024/10/10 7:13 a.m. · 32 views

BIT-PHP-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 (https://github.com/advisories/GHSA-vxpp-6299-mxw3) may still be bypassed and the same command injection related to Windows...

CVSS 8.8 · AI score 9.6 · EPSS 0.03686
Exploits: 2 · References: 4
CNNVD
added 2024/09/30 12:0 a.m. · 2 views

LoLLMs Security Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to v9.8, which stems from an unverified path connection in the servejs function in app.py. An attacker exploiting this vulnerability can...

CVSS 7.5 · AI score 7.6 · EPSS 0.00595
Exploits: 1 · References: 2
CNNVD
added 2024/09/10 12:0 a.m. · 2 views

IBM OpenPages Security Vulnerability

IBM OpenPages is an AI-driven, highly scalable governance, risk and compliance (GRC) solution from International Business Machines (IBM). A security vulnerability exists in IBM OpenPages versions 8.3 and 9.0 that stems from the potential to disclose information about client source code to unauthorize...

CVSS 4.3 · AI score 6.4 · EPSS 0.00296
Exploits: 0 · References: 3
CNVD
added 2024/07/22 12:0 a.m. · 13 views

Apache HTTP Server Information Disclosure Vulnerability (CNVD-2024-33815)

Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause source code...

CVSS 5.3 · AI score 6.2 · EPSS 0.04134
Exploits: 3 · References: 1
OSV
added 2024/07/15 3:15 a.m. · 1 views

CVE-2024-39729

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968...

CVSS 4.3 · AI score 5.8 · EPSS 0.00408
Exploits: 0 · References: 2
ATTACKERKB
added 2024/06/09 12:0 a.m. · 115 views

CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use “Best-Fit” behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

CVSS 9.8 · AI score 9.8 · EPSS 0.99987
In wild · Exploits: 64 · References: 20
OSV
added 2024/06/05 9:15 a.m. · 2 views

CVE-2024-1272

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1
ATTACKERKB
added 2024/06/05 9:15 a.m. · 2 views

CVE-2024-1272

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1...

CVSS 7.5 · AI score 5.8 · EPSS 0.00383
Exploits: 0 · References: 3
BDU FSTEC
added 2024/03/12 12:0 a.m. · 1 views

The vulnerability of the /login.php component of the user registration and login system, PHP-MYSQL-User-Login-System, allows a hacker to disclose protected information.

The vulnerability of the /login.php component of the PHP-MYSQL-User-Login-System registration and login system is related to the disclosure of information through the source code. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

CVSS 5.3 · AI score 5.8 · EPSS 0.0083
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2024/01/25 12:0 a.m. · 2 views

PT-2024-1434 · Unknown · Machinesense +3

Name of the Vulnerable Software and Affected Versions: MachineSense (affected versions not specified); FeverWarn ESP32 (affected versions not specified); FeverWarn RaspberryPi (affected versions not specified); FeverWarn DataHub RaspberryPi (affected versions not specified). Description: The cloud provider...

CVSS 7.7 · AI score 7.2 · EPSS 0.00582
Exploits: 0 · References: 11
Prion
added 2023/09/29 9:15 a.m. · 22 views

Code injection

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to...

CVSS 5 · AI score 7.3 · EPSS 0.00623
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2023/09/29 8:30 a.m. · 136 views

CVE-2023-3413

CVE-2023-3413 affects GitLab: all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. The vulnerability allows reading the source code of a project through a fork created before changing visibility to only pr...

CVSS 7.5 · AI score 6.6 · EPSS 0.00623
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/09/29 12:0 a.m. · 4 views

PT-2023-24693 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 16.2 through 16.2.7; GitLab versions 16.3 through 16.3.4; GitLab versions 16.4 through 16.4.0. Description: An issue has been discovered in GitLab, allowing an attacker to read the source code of a project through a fork created...

CVSS 7.5 · AI score 7.6 · EPSS 0.00623
Exploits: 0 · References: 11
NVD
added 2023/06/06 8:15 p.m. · 11 views

CVE-2023-33477

In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path...

CVSS 6.5 · AI score 6.5 · EPSS 0.00986
Exploits: 0 · References: 1
ATTACKERKB
added 2023/06/06 8:15 p.m. · 3 views

CVE-2023-33477

In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path...

CVSS 6.5 · AI score 5.8 · EPSS 0.00986
Exploits: 0 · References: 2
Positive Technologies
added 2023/06/06 12:0 a.m. · 4 views

PT-2023-24352 · Harmonic · Harmonic Nsg 9000-6G

Name of the Vulnerable Software and Affected Versions: Harmonic NSG 9000-6G devices (affected versions not specified). Description: The issue allows an authenticated remote user to obtain source code by directly requesting a special path. Recommendations: At the moment, there is no information about...

CVSS 6.5 · AI score 7 · EPSS 0.00986
Exploits: 0 · References: 4
Cvelist
added 2023/06/06 12:0 a.m. · 17 views

CVE-2023-33477

In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path...

AI score 6.8 · EPSS 0.00986
Exploits: 0 · References: 1