11 matches found
Quiz sites trick users into enabling unwanted browser notifications
Our support team flagged a number of customers who suspected their device might be infected with malware, but Malwarebytes scans came up empty. When the customers provided screenshots, our Malware Removal Support team quickly recognized the format as web push notifications. The reason the scans...
CVE-2026-27464
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileg...
CVE-2026-27464 Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileg...
PT-2026-21369
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. During testing, it was confirmed that a low-privileg...
PT-2023-28111 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 774 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows an attacker to carry out XSS attacks when a user opens...
Siemens SCALANCE 安全漏洞
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...
CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...
CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...
CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...
PT-2019-15927 · Dovecot +1 · Dovecot +1
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.9.2 Description: The issue allows an attacker to crash a push-notification driver with a crafted email when push notifications are used, due to a NULL Pointer Dereference. This can be achieved by using a group...
GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201803-09 KDE Plasma Workspaces: Multiple vulnerabilities Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the referenced CVE identifiers for details. Impact : An attacker could execute arbitra...