18 matches found
Apple iOS and Apple iPadOS security vulnerability
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that originates from accessing websites that may disclose...
CVE-2022-20634
Cisco Enterprise Chat and Email (ECE) Web-based management interface vulnerability (CVE-2022-20634) allows an unauthenticated, remote attacker to cause user redirection to a malicious URL via crafted links. Root cause: improper input validation of URL parameters in HTTP requests. Affects Cisco EC...
CVE-2024-27992
CVE-2024-27992 is a Reflected XSS in the WordPress plugin Link Whisper Free. Public disclosures indicate the vulnerability affects versions from some unspecified start up to and including 0.6.8, with the issue present in the Free edition and not in Pro as described in sources. Multiple CVE recor...
CVE-2024-1216
...
autoline24.ba Cross Site Scripting vulnerability OBB-3851671
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-28077
Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user...
CVE-2023-1777 Information disclosure in linked message previews
Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message...
Default credentials
A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive...
CVE-2022-1726 Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in wenzhixin/bootstrap-table
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...
Security Bulletin: Vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus
Summary Vulnerabilities in the Linux Kernel such as execution of arbitrary code, denial of service, bypassing security restrictions, and obtaining or disclosing of information may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-25212 DESCRIPTION: Linux Kernel could allow a...
CVE-2021-39884
In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project...
Design/Logic Flaw
A CSV injection vulnerability found in Online Invoicing System OIS 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to...
purchasetacvisor.com Cross Site Scripting vulnerability OBB-1393443
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Code injection
OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files...
Information disclosure
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766...
Code injection
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed...
Security Bulletin: WebSphere MQ is vulnerable to disclosing side channel information via discrepancies between valid and invalid PKCS#1 padding. ROBOT. (CVE-2018-1388)
Summary WebSphere MQ is affected by the ROBOT vulnerability where it may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. Vulnerability Details CVEID: CVE-2018-1388 DESCRIPTION: IBM MQ is vulnerable to TLS implementations may disclose side channel...
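The ROBOT entry above describes the mechanism only in one clause: the TLS server reacts differently to a ciphertext that decrypts to well-formed PKCS#1 v1.5 padding than to one that does not, and that difference is the Bleichenbacher oracle. The following is an added illustration, not IBM's code and not the MQ implementation: it operates on the already-decrypted RSA block (so no RSA library is needed) and contrasts a naive unpad routine, whose distinct error paths are observable, with the style of countermeasure TLS prescribes (RFC 5246 section 7.4.7.1): every failure is absorbed into one outcome by substituting a random premaster secret. The block length (64 bytes), the 48-byte premaster length and the sample blocks are constructed values for the demonstration.

```python
import secrets

K = 64        # constructed example: RSA modulus size in bytes
PMS_LEN = 48  # TLS premaster secret length (RFC 5246)


def pkcs1_v15_pad(msg: bytes, k: int = K) -> bytes:
    """EME-PKCS1-v1_5 encoding: 00 || 02 || PS (nonzero, >= 8 bytes) || 00 || M."""
    ps_len = k - len(msg) - 3
    if ps_len < 8:
        raise ValueError("message too long")
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg


def pkcs1_v15_unpad_leaky(em: bytes, expected_len: int = PMS_LEN) -> bytes:
    """Naive unpad: each check fails differently, so an attacker who can tell
    the failures apart (error code, alert type, timing) has a padding oracle."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad block type")
    sep = em.find(b"\x00", 2)
    if sep == -1:
        raise ValueError("no separator")
    if sep < 10:
        raise ValueError("padding too short")
    msg = em[sep + 1:]
    if len(msg) != expected_len:
        raise ValueError("wrong message length")
    return msg


def pkcs1_v15_unpad_tls(em: bytes, expected_len: int = PMS_LEN) -> bytes:
    """RFC 5246 7.4.7.1 style: generate a random replacement first, run every
    check regardless of earlier results, and on any failure return the random
    bytes instead of an error. The handshake then fails later on the Finished
    MAC exactly as it would for a genuine bad premaster, so the attacker gets
    a single indistinguishable outcome. (Python cannot promise constant time;
    the structural point is the single outcome and the full scan.)"""
    fallback = secrets.token_bytes(expected_len)
    bad = 0
    bad |= int(len(em) < 11)
    bad |= int(em[:1] != b"\x00")
    bad |= int(em[1:2] != b"\x02")
    sep = -1
    for i in range(2, len(em)):        # scan all bytes; do not stop early
        if em[i] == 0 and sep == -1:
            sep = i
    bad |= int(sep == -1)
    bad |= int(sep != -1 and sep < 10)
    msg = em[sep + 1:] if sep != -1 else b""
    bad |= int(len(msg) != expected_len)
    return fallback if bad else msg


def oracle_response(unpad, em: bytes, expected_len: int = PMS_LEN) -> str:
    """What a remote attacker can observe: 'ok' or the failure class."""
    try:
        unpad(em, expected_len)
        return "ok"
    except ValueError as e:
        return str(e)


def response_classes(unpad, ems, expected_len: int = PMS_LEN):
    """Distinct observable outcomes over a batch of blocks; >1 means an oracle."""
    return sorted({oracle_response(unpad, em, expected_len) for em in ems})


def sample_blocks():
    """Constructed decrypted blocks: one valid, three malformed in different ways."""
    msg = b"\x03\x03" + b"\x41" * 46          # version + nonzero filler, 48 bytes
    good = pkcs1_v15_pad(msg)
    wrong_bt = b"\x00\x01" + good[2:]          # block type 01 instead of 02
    sep = good.index(b"\x00", 2)
    no_sep = good[:sep] + b"\x01" + good[sep + 1:]   # separator overwritten
    short = pkcs1_v15_pad(b"\x03\x03" + b"\x41" * 38)  # 40-byte message
    return [good, wrong_bt, no_sep, short]


if __name__ == "__main__":
    blocks = sample_blocks()
    print("leaky:", response_classes(pkcs1_v15_unpad_leaky, blocks))
    print("tls  :", response_classes(pkcs1_v15_unpad_tls, blocks))
```

The leaky variant yields four distinguishable responses for the four blocks; the TLS-style variant yields one. In a real server the "response" is whatever the attacker can measure across the network, which is why the fix is structural (one code path, one outcome) rather than merely hiding the error string.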
JOOMLA CMS 1.0.7 DoS & path disclosing
RST/GHC -- JOOMLA CMS -- ADVISORY 37 Product: Joomla Affected version: 1.0.7 Last version: 1.0.7 Vendor: Joomla! URL: http://www.joomla.org/ online demo: http://demo.joomla.org/ VULNERABILITY CLASS: DoS, path disclosing Product Description Joomla! is a Content Management System CMS created by the...