GHSA-4255-C27H-62M5 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

The sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log...

Axios 代码问题漏洞

Axios is an HTTP client based on Promise a solution for asynchronous programming from the Axios open source. A code issue vulnerability exists in Axios versions prior to 1.8.2 that stems from passing absolute URLs could lead to SSRF and credential disclosure...

WordPress Plugin Campaign URL Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Nextcloud 访问控制错误漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Mail versions prior to 1.4.3, and prior to 1.8.2, which can be exploited by an authenticated attacke...

EdgeMAX EdgeSwitch Command Injection Vulnerability

Ubiquiti Networks EdgeMAX EdgeSwitch is a PoE+ Gigabit switch from Ubiquiti Networks, Inc. A command injection vulnerability exists in Ubiquiti Networks EdgeMAX EdgeSwitch versions prior to 1.8.2. The vulnerability stems from a network system or product not properly filtering specific elements of...

CVE-2019-5446

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root...