23 matches found
Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery
Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. id: CVE-2019-18394 info: name: Ignite Realtime Openfire =4.4.3 to fix this vulnerability. reference: -...
CVE-2026-32131 ZITADEL Cross-Tenant Information Disclosure in Management API
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, project.grant.read, or project.app.read) to retrieve...
DEBIAN-CVE-2025-13947
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser...
EUVD-2019-2872
Malware in sbrugna...
EUVD-2016-9490
Malware in sbrugna...
EUVD-2012-5969
Malware in sbrugna...
EUVD-2024-51224
Malicious code in bioql PyPI...
EUVD-2024-33362
Malicious code in bioql PyPI...
GHSA-G4VP-4GQR-7V8C Liferay Portal Enumeration Discrepancy in Calendars
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by...
CVE-2025-24520
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access...
GitLab Enterprise Edition and GitLab Community Edition Code Issue Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A code issue exists in GitLab Enterprise Edition (EE) and GitLab Community Edition (CE),...
CVE-2024-12658
A vulnerability was found in IObit Advanced SystemCare Ultimate up to 17.0.0 and classified as problematic. This issue affects the function 0x8001E01C in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required t...
Design/Logic Flaw
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against a Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
UBUNTU-CVE-2023-34254
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against a Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
PT-2023-24778 · Unknown +1 · Glpi Agent +1
Name of the Vulnerable Software and Affected Versions: GLPI Agent versions prior to 1.5 Description: The issue affects the GLPI Agent, a generic management agent, when running the remoteinventory task against a Unix platform using the ssh command. An administrator user on the remote system can...
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging...
DRUPAL-CONTRIB-2021-005
The Fast Autocomplete module provides fast IMDB-like suggestions below a text input field. Suggestions are stored as JSON files in the public files folder so that they can be provided to the browser relatively fast without the need for Drupal to be bootstrapped. The module doesn't correctly...
DEBIAN-CVE-2020-8696
Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2019-0173
Authentication bypass in the web console for Intel(R) RAID Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access...
CVE-2018-12161
Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access...