18 matches found
PT-2026-33321
Name of the Vulnerable Software and Affected Versions @fastify/static versions 8.0.0 through 9.1.0 Description Path traversal occurs when directory listing is enabled via the list option. The dirList.path function resolves directories outside the configured static root using path.join without a...
CVE-2026-34020
Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3...
CVE-2026-33005 Apache OpenMeetings: Insufficient checks in FileWebService
Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID metadata only NOT contents. Metadata includes id, type, name and some other field. Full list of fields...
CVE-2026-33005
Apache OpenMeetings is affected by an Improper Handling of Insufficient Privileges vulnerability. A registered user can query the web service with their credentials and retrieve metadata (e.g., id, type, name, and other FileItemDTO fields) for files and sub-folders of any folder by ID, with no co...
CVE-2026-33005
Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID metadata only NOT contents. Metadata includes id, type, name and some other field. Full list of fields...
CVE-2026-34020
CVE-2026-34020 affects Apache OpenMeetings (versions 3.1.3 through 8.9.99). The REST login endpoint uses HTTP GET with username and password passed as query parameters, exposing credentials in server logs, browser history, and potentially network monitoring. The issue is mitigated by upgrading to...
CVE-2026-34020
Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3...
CVE-2026-23635
Kiteworks Secure Data Forms (PDN) has a vulnerability affecting versions prior to 9.2.1 due to a misconfiguration of security attributes that could lead to Unprotected Transport of Credentials. The issue is documented across CVE-2026-23635 with a CVSSv3.1 base score of 6.5 (Network, High attack v...
Linux Distros Unpatched Vulnerability : CVE-2021-39210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie when a user uses the remember...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview System.Formats.Nrbf is a package that exposes only one component: NrbfDecoder: a stateless, forward-only decoder class that can decode .NET Remoting Binary Format NRBF binary data from a stream. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Typ...
GHSA-PJJW-QHG8-P2P9 aiohttp has vulnerable dependency that is vulnerable to request smuggling
Summary llhttp 8.1.1 is vulnerable to two request smuggling vulnerabilities. Details have not been disclosed yet, so refer to llhttp for future information. The issue is resolved by using llhttp 9+ which is included in aiohttp 3.8.6+...
PT-2023-25855 · Unity +1 · Unity Parsec +1
Name of the Vulnerable Software and Affected Versions: Unity Parsec versions prior to 9 Parsec Loader versions prior to 9 Description: The issue is a Time-of-check-to-time-of-use TOCTOU race condition that allows local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per Use...
PT-2023-3347
Name of the Vulnerable Software and Affected Versions: Arcserve UDP versions 7.0 through 9.0.6034 Description: The issue allows authentication bypass, enabling an attacker to obtain a valid session and execute tasks as an administrator. This is achieved by exploiting the getVersionInfo method at...
PT-2023-21746 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS previously concrete5 versions 9.0 through 9.1.3 Concrete CMS previously concrete5 versions prior to 9.2 Description: The issue is related to Stored XSS on Tags on uploaded files. This allows for malicious code to be stored and...
CVE-2023-1369
A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects the function 0x82730088 in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. T...
CVE-2022-32156
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface CLI did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI...
PT-2021-24261 · Raw-Cpuid · Raw-Cpuid
Name of the Vulnerable Software and Affected Versions: raw-cpuid crate versions prior to 9.1.1 Description: The issue arises when the non-default serialize feature is activated, allowing most structs to implement serde::Deserialize without sufficient validation. This can lead to breaking invarian...
PT-2020-4343 · Teclib +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.1 Description: The issue is related to the Clone feature in the GLPI system, which is vulnerable due to incorrect neutralization of special elements used in SQL queries. This allows a remote attacker to execute...