97 matches found
CVE-2024-54027
A Use of Hard-coded Cryptographic Key vulnerability CWE-321 in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access t...
CVE-2025-26701
An issue was discovered in Percona PMM Server OVA before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3...
CVE-2025-1321
CVE-2025-1321 concerns the WordPress teachPress plugin. Connected sources confirm a SQL Injection via the tpsearch shortcode’s order parameter in all versions up to 9.0.7, caused by insufficient escaping and improper SQL query preparation. An authenticated attacker with Contributor-level access o...
Linux Distros Unpatched Vulnerability : CVE-2018-7225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to...
CVE-2024-5503
The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...
CVE-2024-55504
An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploitcombined.dylib component on MacOS...
PT-2024-33516 · Samsung · Samsung Pass
Name of the Vulnerable Software and Affected Versions: Samsung Pass versions prior to 4.4.04.7 Description: The issue is related to improper authentication in the Private Info feature of Samsung Pass, allowing physical attackers to access sensitive information in a specific scenario...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed for Mac computers by Apple, Inc. A security vulnerability exists in Apple macOS version 15, which stems from an application that may be able to access sensitive user data...
CVE-2024-8801 Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure
The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...
CVE-2024-8801 Happy Addons for Elementor <= 3.12.2 - Authenticated (Contributor+) Sensitive Information Exposure
The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...
ROS-20240902-23
A vulnerability in the Flatpak application and environment management tool is related to improper Neutralization of special output elements used by a downstream component. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data and compromise its integrity...
CVE-2024-36535
Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...
Sensitive Information Disclosure
mautic/core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to inadequate user permission settings. An attacker can access areas of the application that they should be prevented from accessing by exploiting these settings. This could potentially lead to the access of...
CVE-2023-48257
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution RCE with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticate...
PT-2023-27967 · Unknown · Jeecg-Boot
Name of the Vulnerable Software and Affected Versions: jeecg-boot version 3.5.3 Description: The issue allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. This is a SQL injection vulnerability, which means attackers can inject...
About the security content of watchOS 10.2
About the security content of watchOS 10.2 This document describes the security content of watchOS 10.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...
CVE-2023-46493
CVE-2023-46493 affects EverShop NPM prior to 1.0.0-rc.8. The vulnerability is a directory traversal in the readDirSync function of fileBrowser/browser.js, allowing a remote attacker to obtain sensitive information. Affected component: EverShop NPM ( frontend/backend codebase as described in sourc...
PT-2023-24663 · Ransack +2 · Ransack +2
Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.27.3 Description: Decidim, a participatory democracy framework written in Ruby on Rails, uses a third-party library named Ransack for filtering certain database collections. By default, this library allows filterin...
CVE-2023-27568
SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchFormsearchText=...
CVE-2023-1966
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or...