34 matches found
CVE-2026-56302
Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs...
CVE-2026-45180
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' session ids may be leaked. This may allow an attacker to use session ids a...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003752)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003752 advisory. The Linux kernel 4.x starting from 4.1 and 5.x before 5.0.8 allows Information Exposure partial kernel address disclosure, leading to a KASLR bypass. Specifically, i...
CVE-2025-14901
CVE-2025-14901 presented by Wordfence: The Bit Form – Contact Form Plugin for WordPress (all versions up to 2.21.6) has a logic flaw in the triggerWorkFlow AJAX action where nonce verification only blocks requests if both the nonce check fails and the user is logged in. This enables unauthenticat...
Linux Distros Unpatched Vulnerability : CVE-2025-62397
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The router's inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. CVE-2025-62397 No...
EUVD-2022-24716
Malicious code in bioql PyPI...
EUVD-2025-1723
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-26357
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a...
CVE-2024-9014
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data...
CVE-2023-21436
Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID...
CVE-2022-1400
CVE-2022-1400 affects Device42 CMDB versions prior to 18.01.00 and is due to a hard-coded cryptographic key in Exago WebReportsApi.dll (WebReports API). This design flaw can allow an attacker to leak session IDs and elevate privileges within the appliance. The vulnerability is documented in NVD w...
CVE-2022-26357
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the...
Automattic: No Rate Limit when accessing "Password protection" enabled surveys leads to bypassing passwords via "pd-pass_surveyid" cookie
Summary: Hi team, If you write the right password on any password protected survey, you will see this request : F878934 This request is protected with rate limit, that's great. But if you look to response, you will see a cookie. The password protection feature is cookie-based system. In my survey...
WSD-T13 cloud storage camera suffers from information leakage vulnerability (CNVD-2019-06649)
Ltd. is an enterprise specializing in the research and development, production, sales and service of security monitoring products. WSD-T13 Cloud Storage Camera suffers from an information leakage vulnerability. An attacker can exploit the vulnerability to cause device ID leakage and add other use...
UBUNTU-CVE-2017-12870
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
Open-Xchange: Incomplete HTML sanitization + Session id leaking + private information disclosure
Hello, I have found a chain of events that lead to session id leaking, witch can be then used to gather private data about other added inboxes to account / login id and some other infos. Unfortunatelly for me I wasn't able to make a hostile account takeover because of you session id + cookie...
extplorer, 2.1.4 and below
extplorere, ID,DT, release of 2.1.5 http://extplorer.net/news/14...
Ubuntu Update for php5 vulnerabilities USN-549-1
Ubuntu Update for Linux kernel vulnerabilities USN-549-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5491.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for php5 vulnerabilities USN-549-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
RedHat Update for php RHSA-2008:0546-01
Check for the Version of php OpenVAS Vulnerability Test RedHat Update for php RHSA-2008:0546-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
CentOS Update for php CESA-2008:0544 centos3 x86_64
Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2008:0544 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...