
74 matches found

NVD
added 2025/04/21 2:15 p.m. | 25 views

CVE-2025-43916

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have...

CVSS 3.4 | EPSS 0.00178
Exploits: 0 | References: 1
HackRead
added 2025/04/15 7:39 p.m. | 184 views

4chan Breached? Hacker from Rival Soyjak Forum Claims Source Code Leak

UPDATE: Hackread.com has reviewed internal Discord chat logs from 4chan's Discord server, which confirm the breach...

AI score 7.3
Exploits: 0
CVE
added 2025/04/03 4:48 p.m. | 74 views

CVE-2025-32054

CVE-2025-32054 affects JetBrains IntelliJ IDEA prior to 2024.3, including 2024.2.4. The issue is a logging vulnerability where source code could be written to the idea.log file, potentially exposing sensitive information. The root cause is that certain source code content is logged during normal ...

CVSS 3.3 | AI score 7.3 | EPSS 0.00375
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/02/28 12:00 a.m. | 4 views

SysPass Security Vulnerability

SysPass is a system password manager by RubénD Personal Developer. A security vulnerability exists in SysPass version 3.2.x. The vulnerability stems from the file upload feature not handling special characters correctly, resulting in a source code leak...

CVSS 6.5 | AI score 7.2 | EPSS 0.00398
Exploits: 1 | References: 3
CVE
added 2025/01/25 2:24 p.m. | 63 views

CVE-2024-35144

The CVE-2024-35144 case affects IBM Maximo Application Suite Monitor Component (versions 8.10, 8.11, 9.0). Description: the Monitor Component stores source code on the web server, creating potential disclosure of sensitive information (CWE-540). Impact is information disclosure that could aid fur...

CVSS 5.3 | AI score 5.4 | EPSS 0.00295
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/01/25 2:24 p.m. | 10 views

CVE-2024-35144 IBM Maximo Application Suite information disclosure

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...

CVSS 5.3 | AI score 5.3 | EPSS 0.00295
Exploits: 0 | References: 1
Cvelist
added 2025/01/25 2:24 p.m. | 27 views

CVE-2024-35144 IBM Maximo Application Suite information disclosure

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...

CVSS 5.3 | EPSS 0.00295
Exploits: 0 | References: 1
CVE
added 2025/01/25 12:49 a.m. | 46 views

CVE-2025-24360

CVE-2025-24360 affects the Nuxt framework (Vue.js) prior to v3.15.3, with v3.8.1–v3.15.3 vulnerable due to default CORS settings that allow any origin to send requests to the development server and read responses. Several sources corroborate that, when using the Vite builder with the default serv...

CVSS 5.3 | AI score 5.5 | EPSS 0.00529
Exploits: 0 | References: 6
PyPA
added 2024/10/10 10:15 p.m. | 7 views

PYSEC-2024-197

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /custom_component endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...

CVSS 5.3 | AI score 6.7 | EPSS 0.00421
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2024/10/10 10:15 p.m. | 8 views

PYSEC-2024-197

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /custom_component endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...

CVSS 5.3 | AI score 5.2 | EPSS 0.00421
Exploits: 0 | References: 1
HackerOne
added 2024/08/01 4:12 p.m. | 7 views

MTN Group: Yet Another OTP code Leaked in the API Response

The OTP code was leaked in the API response, which compromised the purpose of its implementation. The application requested a phone number for authentication and sent an OTP code to the user, but the OTP was returned in the API response, exposing it to potential misuse...

AI score 7.5
Exploits: 0
HackerOne
added 2024/07/31 8:43 p.m. | 8 views

MTN Group: OTP code Leaked in API Response

The application allowed users to sign up for device insurance. When getting a quote, an OTP code was sent to the user's phone number for authentication, but the same OTP code was also returned in the API response...

AI score 7.1
Exploits: 0
OSV
added 2024/07/22 3:15 p.m. | 4 views

CVE-2024-41829

In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection...

CVSS 7.5 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 1
OSV
added 2023/12/12 5:15 p.m. | 7 views

CVE-2023-4421

The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side channel. By sending a large number of attacker-selected...

CVSS 6.5 | AI score 6.3
Exploits: 0 | References: 3
Wired Threat Level
added 2023/08/10 10:00 a.m. | 27 views

Leaked Yandex Code Breaks Open the Creepy Black Box of Online Advertising

As the international tech giant moves toward Russian ownership, the leak raises concerns about the volume of data it has on its users...

AI score 7
Exploits: 0
OSV
added 2023/08/09 8:15 p.m. | 6 views

CVE-2023-33468

KramerAV VIA Connect 2 and VIA Go 2 devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical scree...

CVSS 9.1 | AI score 5.8 | EPSS 0.00638
Exploits: 1 | References: 2
The Hacker News
added 2023/02/16 10:13 a.m. | 2 views

ESXiArgs Ransomware Hits Over 500 New Targets in European Countries

More than 500 hosts have been newly compromised en masse by the ESXiArgs ransomware strain, most of which are located in France, Germany, the Netherlands, the U.K., and Ukraine. The findings come from attack surface management firm Censys, which discovered "two hosts with strikingly similar ranso...

AI score 7
Exploits: 0
ThreatPost
added 2022/03/07 7:28 p.m. | 316 views

Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak

Just days after leaking data it claims to have exfiltrated from chipmaker NVIDIA, ransomware group Lapsus$ is claiming another international company among its victims — this time releasing data purportedly stolen from Samsung Electronics. The consumer electronics giant confirmed in a media...

AI score 8.7
Exploits: 0 | References: 12
OSV
added 2021/06/11 7:15 a.m. | 3 views

CVE-2021-28805

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versio...

CVSS 5.5 | AI score 6.1 | EPSS 0.00238
Exploits: 0 | References: 1
Gitee
added 2021/04/27 2:32 p.m. | 4 views

glimmer_pocs

This is a proof-of-concept (PoC) repository for the tool "glimmer". The repository contains various PoCs for different types of vulnerabilities and information disclosure. The PoCs are implemented as Python scripts, each targeting a specific vulnerability or information disclosure. The PoCs are...

AI score 7.7
Exploits: 0