
107 matches found

CNNVD
added 2025/08/26 12:0 a.m. · 3 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that is caused by double encoding of URIs in multiple locations. The vulnerability can be exploited by an attacker to obtain sensitive information...

CVSS 4 · AI score 6.1 · EPSS 0.00084
Exploits 0 · References 5
Positive Technologies
added 2025/06/23 12:0 a.m. · 3 views

PT-2025-38661

Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 versions 3.46.0.8 and earlier. Description: A deserialization issue exists in h2oai/h2o-3 versions 3.46.0.8 and earlier, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability is due to improp...

CVSS 10 · AI score 7.5 · EPSS 0.00796
Exploits 1 · References 12
RedhatCVE
added 2025/05/23 10:12 a.m. · 4 views

CVE-2024-28344

An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encoded URL...

CVSS 3.1 · AI score 6.8 · EPSS 0.00051
Exploits 2 · References 1
Positive Technologies
added 2025/03/12 12:0 a.m. · 4 views

PT-2025-11061 · Google · Android

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: A flaw exists that may allow access to content across user profiles due to URI double encoding. This could result in local information disclosure without...

CVSS 4 · AI score 5.8 · EPSS 0.00084
Exploits 0 · References 7
OSV
added 2025/03/01 12:0 a.m. · 22 views

ASB-A-376259166

In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 4 · AI score 6.5 · EPSS 0.00084
Exploits 0 · References 3
CNNVD
added 2024/04/10 12:0 a.m. · 1 views

Sipwise C5 NGCP Dashboard security vulnerability

Sipwise C5 NGCP Dashboard is a management interface from Sipwise that is used to manage and monitor various features and services of the Sipwise C5 Next Generation Communication Platform NGCP. A security vulnerability exists in Sipwise C5 NGCP Dashboard versions prior to mr11.5.1, which stems fro...

CVSS 5.5 · AI score 6.3 · EPSS 0.00111
Exploits 2 · References 2
NVD
added 2024/03/18 10:15 p.m. · 8 views

CVE-2024-28864

SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded wit...

CVSS 2.6 · AI score 3.6 · EPSS 0.00867
Exploits 0 · References 4
Github Security Blog
added 2024/03/18 8:39 p.m. · 42 views

[TagAwareCipher] - Decryption Failure (Regex Match)

Impact: Vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed to TagAwareCipher, and contains special characters such as \n. As a result, the decryption process is...

CVSS 2.6 · AI score 6.7 · EPSS 0.00867
Exploits 0 · References 6 · Affected Software 1
OSV
added 2024/03/18 8:39 p.m. · 14 views

GHSA-RJ29-J2G4-77Q8 [TagAwareCipher] - Decryption Failure (Regex Match)

Impact: Vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed to TagAwareCipher, and contains special characters such as \n. As a result, the decryption process is...

CVSS 2.6 · AI score 3.4 · EPSS 0.00867
Exploits 0 · References 6
NVD
added 2024/01/16 4:15 p.m. · 16 views

CVE-2023-0479

The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability...

CVSS 6.1 · AI score 6 · EPSS 0.00246
Exploits 2 · References 1
Prion
added 2024/01/16 4:15 p.m. · 11 views

Cross site scripting

The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability...

CVSS 5.8 · AI score 6 · EPSS 0.00246
Exploits 2 · References 1 · Affected Software 1
Vulnrichment
added 2024/01/16 3:55 p.m. · 3 views

CVE-2023-0479 Print Invoice & Delivery Notes for WooCommerce < 4.7.2 - Reflected XSS

The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability...

AI score 6.2 · EPSS 0.00246
Exploits 2 · References 1
CVE
added 2024/01/16 3:55 p.m. · 57 views

CVE-2023-0479

The CVE-2023-0479 entry affects the WordPress plugin Print Invoice & Delivery Notes for WooCommerce, prior to version 4.7.2. The issue is a reflected XSS vulnerability in an admin note on the WooCommerce orders page, caused by echoing a GET value after a urldecode() cleanup (post-esc_url_raw()), ...

CVSS 6.1 · AI score 5.9 · EPSS 0.00246
Exploits 2 · References 1 · Affected Software 1
FreeBSD
added 2023/12/13 12:0 a.m. · 22 views

Gitlab -- vulnerabilities

Gitlab reports: Smartcard authentication allows impersonation of arbitrary user using user's public certificate. When subgroup is allowed to merge or push to protected branches, subgroup members with the Developer role may gain the ability to push or merge. The GitLab web interface does not ensure...

CVSS 8.8 · AI score 7.8 · EPSS 0.00296
Exploits 0 · References 1
RedHat Linux
added 2023/06/27 11:28 a.m. · 0 views

keycloak: path traversal via double URL encoding

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. Thi...

CVSS 9.1 · AI score 6.4 · EPSS 0.00169
Exploits 0 · References 4
RedHat Linux
added 2023/05/17 1:58 p.m. · 3 views

keycloak: path traversal via double URL encoding

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. Thi...

CVSS 9.1 · AI score 6.4 · EPSS 0.00169
Exploits 0 · References 4
RedHat Linux
added 2023/05/04 3:59 p.m. · 5 views

keycloak: path traversal via double URL encoding

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. Thi...

CVSS 9.1 · AI score 6.4 · EPSS 0.00169
Exploits 0 · References 4
RedHat Linux
added 2023/04/05 1:34 p.m. · 3 views

keycloak: path traversal via double URL encoding

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. Thi...

CVSS 9.1 · AI score 6.4 · EPSS 0.00169
Exploits 0 · References 4
RedHat Linux
added 2023/03/16 7:57 a.m. · 2 views

keycloak: path traversal via double URL encoding

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. Thi...

CVSS 9.1 · AI score 6.4 · EPSS 0.00169
Exploits 0 · References 4
RedHat Linux
added 2023/03/01 9:58 p.m. · 3 views

keycloak: path traversal via double URL encoding

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. Thi...

CVSS 9.1 · AI score 6.4 · EPSS 0.00169
Exploits 0 · References 4