Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the workflowtemplateserver and clusterworkflowtemplateserver components. An attacker can obtain sensitive information, such as embedded secrets and resource manifests, by sending unauthorized requests with a...

Improper Isolation or Compartmentalization

Overview org.apache.syncope.core:syncope-core-provisioning-java is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under Apache 2.0 license. Affected versions of this package are vulnerable to Improper Isolation or...

PT-2024-20046 · Savignano · S/Notify

Name of the Vulnerable Software and Affected Versions: savignano S/Notify versions prior to 4.0.2 for Jira Description: A Cross Site Request Forgery CSRF issue allows attackers to manipulate a user's S/MIME certificate or PGP key via a malicious link or email. Recommendations: For versions prior ...

UBUNTU-CVE-2023-34237

SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...

PT-2023-24761 · Sabnzbd +1 · Sabnzbd +1

Name of the Vulnerable Software and Affected Versions: SABnzbd versions prior to 4.0.2 Description: A design flaw in SABnzbd could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd...

UBUNTU-CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...