Azure Linux 3.0 Security Update: httpd (CVE-2024-39884)
The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39884 advisory. - A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based...
PT-2025-6020 · Xml2Rfc · Xml2Rfc
Name of the Vulnerable Software and Affected Versions: xml2rfc versions 3.12.0 through 3.26.0. Description: The issue concerns XML External Entity (XXE) injection attacks. It was discovered that xml2rfc does not respect the --allow-local-file-access flag when a local file is specified as src in...
IBM Maximo Application Suite Information Disclosure Vulnerability
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Maximo Application Suite that stems from allowing...
CVE-2022-23768
This vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers can use this vulnerability to carry out attacks such as source code hijacking and remote control of the device...
Improper Privilege Management
Overview: mobsf is a Mobile Security Framework. MobSF is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Improper...
CVE-2020-27176
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of...
CVE-2024-3403
imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI...
CVE-2024-6297
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...
CVE-2024-28200
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found (Low) CVE-2024-35144
Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found (Low) (CVE-2024-35144). This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-35144 DESCRIPTION: IBM Maximo...
Security Bulletin: IBM Datapower Operations Dashboard could allow an attacker to map URLs to filesystem locations that are unreachable by any URL CVE-2024-38475
Summary: Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network implementation. Vulnerability Details: CVEID: CVE-2024-38475 DESCRIPTION: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to...
PT-2025-2793 · Autolib Software Systems · Autolib Software Systems Opac
Name of the Vulnerable Software and Affected Versions: AutoLib Software Systems OPAC version 20.10 Description: The issue concerns exposed API keys within the source code. Attackers may use these keys to access the backend API or other sensitive information. Recommendations: For AutoLib Software...
CVE-2024-57549
CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request...
GHSA-4GF7-FF8X-HQ99 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Summary Source code may be stolen during dev when using webpack / rspack builder and you open a malicious web site. Details Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. By using...
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Summary Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Details While Vite patched the default CORS settings to fix https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6, nuxt uses its own CORS handler by...
CMSimple security vulnerability
CMSimple is a free content management system from CMSimple open source. A security vulnerability exists in CMSimple version 5.16 that originates from allowing a user to read cms source code by manipulating the filename in the file parameter of a GET request...
CVE-2024-57549
CMSimple 5.16 is affected by an information-disclosure vulnerability where an attacker can read the CMS source code by manipulating the file parameter in a GET request. The root cause is insufficient restriction of the path in the file parameter, enabling access to restricted files. Impact stated...