11 matches found
CVE-2026-47225
Type: CVE-2026-47225 affects Typesense search engine. A cache isolation flaw in versions prior to 29.1 and 30.2 affects requests that use both server-side search result caching and Scoped Search API Keys. Under certain request ordering, cached results could be reused across requests with differen...
PT-2026-48945
Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across...
CVE-2026-40584
RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/api/genericapi.py. Because the code removes elements from a list while iterating over it, entries...
EUVD-2022-1150
Malicious code in bioql PyPI...
CVE-2020-13676
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module which comes with the Standard profile is installed...
CVE-2020-13676
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module which comes with the Standard profile is installed...
PT-2022-8503 · Drupal · Drupal Quickedit Module
Name of the Vulnerable Software and Affected Versions: Drupal QuickEdit module affected versions not specified Description: The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the...
Drupal 8.x < 8.9.19, 9.x < 9.1.13, 9.2.x < 9.2.6 Multiple Vulnerabilities (SA-CORE-2021-006, SA-CORE-2021-007, SA-CORE-2021-008, SA-CORE-2021-009, SA-CORE-2021-010) - Linux
Drupal is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-24000
A race condition with requestPointerLock and setTimeout could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements such as input type="file" this could have led to an attack where a user was confused about the origin...
MTN Group: OTP bypass - Unintended disclosure of OTP to client allows attacker to manage users' subscriptions
Summary: https://play.mtn.co.za/ authenticates subscribers via OTP before their subscriptions to be changed. However, the request which sends the OTP also returns the OTP in the network response, allowing an attacker to manage a user's usbscriptions. Steps To Reproduce: 1. Visit...
CVE-2018-7496
An Information Exposure issue was discovered in OSIsoft PI Vision versions 2017 and prior. The server response header and referrer-policy response header each provide unintended information disclosure...