
28 matches found

RedhatCVE
added 2026/02/04 3:15 a.m. | 3 views

CVE-2025-61653

Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.php. This issue affects TextExtracts: from before 1.39.14, 1.43.4, 1.44.1...

CVSS 6.9 | AI score 5.2 | EPSS 0.00101
Exploits: 0 | References: 1

NVD
added 2026/02/03 2:16 a.m. | 4 views

CVE-2025-61653

Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.php. This issue affects TextExtracts: from before 1.39.14, 1.43.4, 1.44.1...

CVSS 6.9 | EPSS 0.00101
Exploits: 0 | References: 1

OSV
added 2026/02/03 2:16 a.m. | 0 views

UBUNTU-CVE-2025-61653

Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.php. This issue affects TextExtracts: from before 1.39.14, 1.43.4, 1.44.1...

CVSS 6.9 | AI score 5.8 | EPSS 0.00101
Exploits: 0 | References: 4

Cvelist
added 2026/02/03 12:57 a.m. | 24 views

CVE-2025-61653 Extension:TextExtracts does not check for authorizeRead when returning extracts

Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.php. This issue affects TextExtracts: from before 1.39.14, 1.43.4, 1.44.1...

CVSS 6.9 | EPSS 0.00101
Exploits: 0 | References: 1

Debian CVE
added 2026/02/03 12:57 a.m. | 4 views

CVE-2025-61653

Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.php. This issue affects TextExtracts: from before 1.39.14, 1.43.4, 1.44.1...

CVSS 6.9 | AI score 5.2 | EPSS 0.00101
Exploits: 0

CVE
added 2026/02/03 12:57 a.m. | 11 views

CVE-2025-61653

CVE-2025-61653 affects Wikimedia TextExtracts via ApiQueryExtracts.php and impacts TextExtracts versions before 1.39.14, 1.43.4, 1.44.1. Debian advisory DSA-6085-1 lists fixes: bookworm 1.39.17-1~deb12u1 and trixie 1.43.6+dfsg-1~deb13u1. Upgrading to these versions mitigates the vulnerability. Ex...

CVSS 6.9 | AI score 5.2 | EPSS 0.00101
Exploits: 0 | References: 1

OSV
added 2025/11/05 10:49 p.m. | 13 views

MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities

i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...

CVSS 6.9 | AI score 5.4 | EPSS 0.00464
Exploits: 0 | References: 6

Vulnrichment
added 2025/10/18 4:42 a.m. | 1 views

CVE-2025-62667 Stored XSS through article extracts in GrowthExperiments

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS. This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...

CVSS 6.9 | AI score 5.7 | EPSS 0.00056
Exploits: 0 | References: 2

Cvelist
added 2025/10/18 4:42 a.m. | 5 views

CVE-2025-62667 Stored XSS through article extracts in GrowthExperiments

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Stored XSS. This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39...

CVSS 6.9 | EPSS 0.00056
Exploits: 0 | References: 2

CVE
added 2025/10/18 4:42 a.m. | 6 views

CVE-2025-62667

CVE-2025-62667 is a stored XSS vulnerability in the MediaWiki GrowthExperiments Extension. The issue arises from improper neutralization of user-supplied input during web page generation, allowing injected scripts/HTML via the extension’s handling of article extracts. Affected component: GrowthEx...

CVSS 6.9 | AI score 5.7 | EPSS 0.00056
Exploits: 0 | References: 2

Positive Technologies
added 2025/01/01 12:0 a.m. | 2 views

PT-2025-42566

Name of the Vulnerable Software and Affected Versions: mediawiki affected versions not specified Description: The software contains a flaw related to missing authorization checks for the extracts endpoint. This could potentially allow unauthorized access to data. Recommendations: At the moment, ther...

CVSS 6.9 | AI score 6.3 | EPSS 0.00101
Exploits: 0 | References: 15

Positive Technologies
added 2024/10/07 12:0 a.m. | 4 views

PT-2024-38167

Name of the Vulnerable Software and Affected Versions: eWeLink affected versions not specified Description: A local attacker can decrypt TLS communication and extract secrets to clone the device via flashing modified firmware due to a missing SSL pinning implementation. Recommendations: At the...

CVSS 7 | AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 9

OSSF Malicious Packages
added 2024/06/25 1:24 p.m. | 2 views

Malicious code in Be.Vlаandereո.Bаsisregisters.GrAr.Extrаcts (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0

CNNVD
added 2024/05/14 12:0 a.m. | 3 views

Directus Information Disclosure Vulnerability

Directus is a real-time API and application dashboard. It is used to manage SQL database content. An information disclosure vulnerability exists in Directus versions prior to 10.11.0 that stems from the ability to edit data extracts on the API...

CVSS 4.9 | AI score 4.7 | EPSS 0.00324
Exploits: 1 | References: 4

Vulnrichment
added 2024/01/11 1:5 a.m. | 1 views

CVE-2024-21667 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts

pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not...

CVSS 6.5 | AI score 6.2 | EPSS 0.00014
Exploits: 1 | References: 3

OSV
added 2024/01/10 3:24 p.m. | 20 views

GHSA-G273-WPPX-82W4 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts

Summary: An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Details: Permissions do not seem to be enforced when reaching the /admin/customermanagementframework/gdpr-data/search-data-objects...

CVSS 6.5 | AI score 6.2 | EPSS 0.00014
Exploits: 1 | References: 5

OSV
added 2022/06/08 7:38 p.m. | 2 views

CLSA-2022-1654717100 Fix CVE(s): CVE-2022-1664

SECURITY UPDATE: Directory traversal issue in dpkg-source - scripts/Dpkg/Source/Archive.pm: Prevent directory traversal for in-place extracts. - CVE-2022-1664...

CVSS 9.8 | AI score 7.3 | EPSS 0.00742
Exploits: 0 | References: 1

Cvelist
added 2022/05/26 8:20 a.m. | 23 views

CVE-2022-1664 directory traversal for in-place extracts with untrusted v2 and v3 source packages with debian.tar

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction ca...

AI score 9.5 | EPSS 0.00742
Exploits: 0 | References: 7

Kitploit
added 2021/11/24 11:30 a.m. | 39 views

Whoc - A Container Image That Extracts The Underlying Container Runtime

A container image that extracts the underlying container runtime and sends it to a remote server. Poke at the underlying container runtime of your favorite CSP container platform! WhoC at Defcon 29 Cloud Village Azurescape - whoc-powered research, the first cross-account container takeover in the...

CVSS 8.6 | AI score 8.7 | EPSS 0.55296
Exploits: 33 | References: 2

Exploit DB
added 2020/03/12 12:0 a.m. | 278 views

rConfig 3.9 - 'searchColumn' SQL Injection

Exploit Title: rConfig 3.9 - 'searchColumn' SQL Injection Exploit Author: vikingfr Date: 2020-03-03 CVE-2020-10220 Exploit link : https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfigCVE-2020-10220.py Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig...

CVSS 9.8 | AI score 9.5 | EPSS 0.94261
Exploits: 14