22 matches found
D-LINK DNS-320L, DNS-320LW and DNS-327L - Information Disclosure
A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. id: CVE-2024-3274 info: name: D-LINK...
CVE-2026-9378
Edimax BR-6675nD (firmware 1.12) is affected by CVE-2026-9378 due to a vulnerability in the POST Request Handler, specifically in formHwSet (/goform/formHwSet). The issue allows manipulation of arguments regDomain, ABandregDomain, nic0Addr, nic1Addr, wlanAddr, inicAddr to trigger command injectio...
CVE-2026-3661 Wavlink WL-NU516U1 adm.cgi ota_new_upgrade command injection
A flaw has been found in Wavlink WL-NU516U1 240425. This affects the function ota_new_upgrade of the file /cgi-bin/adm.cgi. This manipulation of the argument model causes command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor wa...
CVE-2025-30086
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter...
CVE-2025-20101
Out-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access...
CVE-2025-1993
CVE-2025-1993 affects IBM App Connect Enterprise Certified Container DesignerAuthoring instances where flows are stored in a database protected by weaker than expected cryptographic algorithms, potentially exposed to a local user. IBM bulletin (CVE-2025-1993) details affected products/versions: A...
CVE-2024-56467
Affected product/versions: IBM EntireX 11.1. Vulnerability: Local users may obtain sensitive information when a detailed technical error message is returned. The issue corresponds to CWE-209 (Generation of Error Message Containing Sensitive Information). Impact (as per sources): Information discl...
CVE-2025-24899 Disclosure of Sensitive User Information via API in reNgine
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where an insider attacker with any role such as Auditor, Penetration Tester, or Sys Admin can extract sensitive information from other reNgine users. After running a scan and obtainin...
CVE-2024-45653 IBM Sterling Connect:Direct Web Services information disclosure
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system...
SUSE-SU-2025:0105-1 Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059167 fixes several issues. The following security issues were fixed: - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233712). - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637). -...
CVE-2025-21294
creationtimestamp | type | source
---|---|---
2025-01-14 17:29:48+00:00 | seen | https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review
2025-01-14 18:20:31+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpuivp6wu2r
2025-01-14 18:48:54+00:00 | seen | ...
CVE-2024-11559
creationtimestamp | type | source
---|---|---
2024-11-21 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-24-1558/...
CVE-2023-52823
...
jclocksmiths.com Improper Access Control vulnerability OBB-3801894
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-5441 NULL Pointer Dereference in vim/vim
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960...
adoptapet.shelterbuddy.com.au Cross Site Scripting vulnerability OBB-3528861
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
old.physique-ens-cachan.educ.space Cross Site Scripting vulnerability OBB-1442269
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
aviationwannabes.com Cross Site Scripting vulnerability OBB-1438954
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2015-4855
...
newopenx.detik.com Open Redirect vulnerability
Vulnerable URL: http://newopenx.detik.com/delivery/ck.php?oaparams=2bannerid=22013zoneid=316cb=561259df5foadest=https://www.xssposed.org
Details:
Description | Value
---|---
Patched: | No
Latest check for patch: | 26.07.2017
Vulnerability type: | Open Redirect
Vulnerability status: | Publicly disclose...