CVE-2025-30168 Parse Server has an OAuth login vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse...
CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...
CVE-2025-27221
CVE-2025-27221 affects the Ruby URI module (URI.join, URI#merge, URI#+). The root issue is leakage of userinfo credentials when the host is changed, as userinfo is retained. This impacts versions of the URI gem prior to 1.0.3; the issue is fixed in 1.0.3 and later. If exploited, credential exposu...
Security Bulletin: Multiple security vulnerabilities in Cloud Pak foundational services are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF001
Summary: IBM Cloud Pak for Business Automation 24.0.1-IF001 updates the version of IBM Cloud Pak foundational services to address multiple security vulnerabilities. Vulnerability Details: CVEID: CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper...
CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...
CVE-2024-37362
CVE-2024-37362 affects Hitachi Vantara Pentaho Data Integration & Analytics. The vulnerability arises because the product transmits or stores authentication credentials using an insecure method, leading to potential disclosure of credentials (e.g., database passwords) when saving connections to R...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-03621)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)
During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction Printers (MFPs) were vulnerable to pass-back attacks. The affected products identified were: Xerox Versalink MFPs, Firmware Version 57.69.91 and earlier. This issue has been assigned the following CVEs: CVE-2024-1251...
CVE-2025-25184 Possible Log Injection in Rack::CommonLogger
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...
[SECURITY] [DSA 5849-1] git-lfs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5849-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 24, 2025 https://www.debian.org/security/faq -...
ABB Cylon Aspect 3.08.02 Cookie User Password Disclosure
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The application suffers from cleartext transmission and storage of...
Security Bulletin: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in CKEditor
Summary: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in CKEditor. Vulnerability Details: CVEID: CVE-2021-32808 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used alongside the...
Cross-site scripting vulnerability in multiple Mozilla products (CNVD-2024-48562)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
CVE-2024-45068 Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01...
CVE-2023-50310
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...
CVE-2024-47870 Race condition in update_root_in_config may redirect user traffic in Gradio
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition in the update_root_in_config function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker ca...