Vivotek多款产品 安全漏洞

Vivotek ND8422P and others are a network camera from China VIVOTEK Communications Vivotek. A security vulnerability exists in various Vivotek products, which originated from causing sensitive information to be included in the source code. The following products are affected: Vivotek ND8422P,...

CVE-2025-31138 tarteaucitron.js allows UI manipulation via unrestricted CSS injection

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...

CVE-2025-32054

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file...

CVE-2025-32054

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file...

CVE-2025-32054

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file...

CVE-2025-32054

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file...

CVE-2025-32054

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file...

CVE-2025-32054

CVE-2025-32054 affects JetBrains IntelliJ IDEA prior to 2024.3, including 2024.2.4. The issue is a logging vulnerability where source code could be written to the idea.log file, potentially exposing sensitive information. The root cause is that certain source code content is logged during normal ...

BIT-JOOMLA-2022-23794 [20220302] - Core - Path Disclosure within filesystem error messages

An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application...

Important: tomcat

Issue Overview: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpect...

CBL Mariner 2.0 Security Update: emacs (CVE-2024-53920)

The version of emacs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53920 advisory. - In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code...

AZL-58951 CVE-2025-2588 affecting package augeas for versions less than 1.12.0-6

A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function recaseexpand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been...

Apache ActiveMQ 5.3.2 Source Code Disclosure

Apache ActiveMQ version 5.3.2 source code disclosure proof of concept exploit that demonstrates an issue discovered in 2010. ============================================================================================================================================= | Title : Apache ActiveMQ 5.3....

Important: amazon-cloudwatch-agent

Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

Linux Distros Unpatched Vulnerability : CVE-2024-52005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git...

Linux Distros Unpatched Vulnerability : CVE-2021-42574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

Apache ActiveMQ 5.3.1 Source Code Disclosure

Proof of concept exploit that demonstrates a source code disclosure vulnerability in Apache ActiveMQ version 5.3.1. ============================================================================================================================================= | Title : Apache ActiveMQ 5.3.1 PHP Cod...

CVE-2025-25478

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password...

CVE-2025-25478

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password...

CVE-2025-25478

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password...