136 matches found
EUVD-2020-23748
Malware in sbrugna...
EUVD-2005-2429
Malware in sbrugna...
EUVD-2000-0102
Malware in sbrugna...
EUVD-2024-22114
Malicious code in bioql PyPI...
EUVD-2022-4618
Malicious code in bioql PyPI...
EUVD-2023-28429
Malicious code in bioql PyPI...
EUVD-2025-32240
Malicious code in bioql PyPI...
EUVD-2025-27980
Malicious code in bioql PyPI...
FreshRSS 访问控制错误漏洞
FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. An access control error vulnerability exists in FreshRSS versions 1.16.0 through 1.26.3, which stems from an unauthorized attacker can create an administrator account using hidden fields when the registration feature is...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the Connection module. An attacker can access sensitive connection details by using READ permissions through both the API and the UI due to the regression that allows to bypass the...
Linux Distros Unpatched Vulnerability : CVE-2020-1779
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When dynamic templates are used OTRSTicketForms, admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects:...
Linux Distros Unpatched Vulnerability : CVE-2024-43429
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the view hidden user fields...
CVE-2025-40667
Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from ‘302...
CVE-2024-4604
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Magarsus Consultancy SSO Single Sign On allows Manipulating Hidden Fields. This issue affects SSO Single Sign On: from 1.0 before 1.1...
CVE-2023-30843
Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a...
GHSA-HG9M-67MM-7PG3 Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields
Summary field.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a where clause with multiple...
CVE-2024-30527
Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout Accept PayPal Payments allows Manipulating Hidden Fields.This issue affects WP Express Checkout Accept PayPal Payments: from n/a through 2.3.7...
UBUNTU-CVE-2024-43429
A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information...
CVE-2024-4604
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Magarsus Consultancy SSO Single Sign On allows Manipulating Hidden Fields. This issue affects SSO Single Sign On: from 1.0 before 1.1...
CVE-2024-4604
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Magarsus Consultancy SSO Single Sign On allows Manipulating Hidden Fields. This issue affects SSO Single Sign On: from 1.0 before 1.1...