CVE-2026-9137
The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...
NPM: Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage
NPM: Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
EUVD-2021-1270
Malware in sbrugna...
PT-2023-19676 · Sap · Sap Fiori Apps For Travel Management +1
Name of the Vulnerable Software and Affected Versions: SAP Fiori apps for Travel Management in SAP ERP My Travel Requests version 600 Description: The issue allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally...
SAP SuccessFactors security vulnerability
SAP SuccessFactors is a cloud-based HCM software application from SAP, Germany. SAP SuccessFactors suffers from an elevation of privilege vulnerability that stems from an application endpoint misconfiguration. An attacker could use the vulnerability to elevate privileges and read or write...
GHSA-XV7J-2V4W-CJVH OpenStack Glance logs user name and password in cleartext
store/swift.py in OpenStack Glance Essex 2012.1, Folsom 2012.2 before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, which allows remote authenticated users to obtain sensitive...