11 matches found
CVE-2026-22645
The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...
CVE-2026-22645
The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...
CVE-2026-22645
The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...
CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...
GHSA-9HHF-XMCW-R3XG phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Summary The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. Details The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality...
CVE-2023-3362
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub...
CVE-2023-3362
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub...
CVE-2023-3362
Removed by vendor...
CVE-2023-3362 Generation of Error Message Containing Sensitive Information in GitLab
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub...
TeamPass information exposure vulnerability
TeamPass prior to 3.0.10 allows unauthenticated actors to view application-specific and user data and files by viewing an endpoint directory listing...
CVE-2022-34906
A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests...