6 matches found
CVE-2019-14712
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation...
CVE-2024-43370
gettext.js is a GNU gettext port for Node and browsers. The CVE-2024-43370 vulnerability is a cross-site scripting (XSS) vulnerability triggered when .po dictionary files are corrupted. The issue has been fixed in version 2.0.3. A workaround is to control the origin of the dictionary catalog to p...
CVE-2023-52252
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint...
Unified Remote Security Vulnerability
Unified Remote is a smartphone application that turns a cell phone into a wireless universal remote control. A security vulnerability exists in Unified Remote version 3.13.0; it stems from the wildcard Access-Control-Allow-Origin set for remote upload endpoints, allowing...
IBM Trusteer Pinpoint Information Disclosure Vulnerability
IBM Trusteer Pinpoint is information security software from International Business Machines Corporation (IBM) that assesses the authenticity of the counterparty in a transaction and the transaction's risk level to protect the user's financial transactions. An information disclosure...
Console: CORS headers set to allow all in Red Hat AMQ
It was found that the Hawtio console setting for the Access-Control-Allow-Origin header permits unrestricted sharing (allow all). An attacker could use this flaw to access sensitive information or perform other attacks...