17 matches found
CVE-2025-56423
An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...
EUVD-2025-198802
Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /displaylogo endpoint...
CVE-2025-60915
An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...
CVE-2025-60916
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter...
PT-2025-47927
An issue in Austrian Academy of Sciences AW Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages...
CVE-2025-60917
CVE-2025-60917 is a reflected XSS in Austrian Archaeological Institute Openatlas prior to v8.12.0, discovered via the /overview/network/ endpoint where an attacker injects a payload into the color parameter to run code in a user’s browser. The vulnerability arises from unvalidated/reflected input...
CVE-2025-56423
CVE-2025-56423 affects OpenAtlas v8.12.0 from the Austrian Academy of Sciences. A login error message handling flaw can disclose sensitive information to remote attackers, exposing confidentiality. Connected sources (Red Hat, EU ENISA, OSV, NVD, CVE listing) corroborate the issue description but ...
UBUNTU-CVE-2025-60020
nncp before 8.12.0 allows path traversal for reading or writing during freqing and file saving via a crafted path in packet data...
Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2025-036-01)
The version of curl installed on the remote host is prior to 8.12.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-036-01 advisory. New curl packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
FasterXML Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Atlassian Jira 8.6.0 < 8.12.0 Project Key Enumeration
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.17, 7.14.x prior to 8.5.8 or 8.6.x prior to 8.12.0. It is, therefore, affected by a vulnerability that permits remote attackers to enumerate project keys via an Informati...
Proofpoint Spam Engine Access Control Error Vulnerability
Proofpoint Spam Engine is an email filter from Proofpoint USA, Inc. It is used to filter inbound and outbound email traffic for service filtering organizations. An Access Control Error vulnerability exists in Proofpoint Spam Engine, which stems from the product allowing .dat files to be sent via...
Tenable Nessus 8.9.0 - 8.12.0 File Copy Vulnerability (TNS-2020-08) - Windows
Tenable Nessus is prone to a file copy vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:tenable:nessus";...
Information disclosure
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0...
CVE-2020-14181
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0...
Vulnerability fixed in Atlassian Jira
Vulnerable versions of Atlassian Jira Server and Data Center allow a remote malicious person to enumerate project keys via a vulnerability in the /browse.PROJECTKEY endpoint. Atlassian has made version 8.12.0 of Jira available. More information can be found on the following page:...
CVE-2020-14178
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 befo...