5043 matches found
CVE-2024-50701
TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin...
TeamPass Security Vulnerability
TeamPass is an open source password manager from the individual developer Nils Laumaillé. A security vulnerability exists in versions prior to TeamPass 3.1.3.1, which stems from the inability to properly check whether a folder is located in an administrator-defined list of user-allowed folders wh...
PT-2025-3791 · Iobit · Iobit Protected Folder
Name of the Vulnerable Software and Affected Versions: IObit Protected Folder versions up to 1.3.0 Description: A problem has been found in the function 0x22200c in the library pffilter.sys of the component IOCTL Handler. This issue leads to null pointer dereference. The attack must be approached...
PT-2025-3792 · Iobit · Iobit Protected Folder
Name of the Vulnerable Software and Affected Versions: IObit Protected Folder versions up to 13.6.0.5 Description: A problem has been found in the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler, which leads to null pointer dereference. The...
PT-2025-3793 · Iobit · Iobit Protected Folder
Name of the Vulnerable Software and Affected Versions: IObit Protected Folder versions up to 13.6.0.5 Description: A vulnerability was found in the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to nu...
CVE-2024-56159
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...
CVE-2024-56159 Server source code is exposed to the public if sourcemaps are enabled
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...
CVE-2024-56159
Astro CVE-2024-56159 describes an information-disclosure vulnerability where sourcemap files for server code are published publicly during build, enabling unauthenticated access to server source. Affected: server-output (SSR) projects on Astro 5.x from 5.0.3–5.0.7 with sourcemaps enabled; fix rel...
Astro's server source code is exposed to the public if sourcemaps are enabled
Summary A bug in the build process allows any unauthenticated user to read parts of the server source code. Details During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder...
PT-2024-29839 · Unknown · Edgecross Basic Software For Windows +1
Name of the Vulnerable Software and Affected Versions: Edgecross Basic Software for Windows versions 1.00 and later Edgecross Basic Software for Developers versions 1.00 and later Description: The issue allows a malicious local attacker to execute arbitrary malicious code, resulting in informatio...
PT-2024-36726
Name of the Vulnerable Software and Affected Versions Astro versions 4.16.17 and earlier Astro versions 5.0.3 through 5.0.7 Astro versions 5.0.8 and earlier for static-output projects Description A bug in the build process of Astro allows any unauthenticated user to read parts of the server sourc...
WordPress plugin Easy cache Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-11872
Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target...
Siemens COMOS XXE Injection Vulnerability
COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. Siemens COMOS suffers from an XXE injection vulnerability that can be exploited by an...
CVE-2024-11823
The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11823 Folder Gallery <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Folder Gallery Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...