sunbird-portal security vulnerability
sunbird-portal is an open-source portal developed by Sunbird-ED. Version 1.13.4 of sunbird-portal contains a security vulnerability caused by improper path restrictions, which may lead to path traversal attacks...
WordPress plugin Keenarch code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Blogzee code-related vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
EUVD-2022-39575
Malicious code in bioql PyPI...
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to fingerprint the user due to improper access restrictions to the file system...
Cisco Unified CCX path traversal vulnerability
Cisco Unified CCX is a contact center software from Cisco. A path traversal vulnerability exists in Cisco Unified CCX that stems from improperly restricted path traversal and could lead to the execution of arbitrary code...
CVE-2025-1864 Buffer Overflow and Potential Code Execution in Radare2
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers. This issue affects radare2: before 5.9.9...
A vulnerability in the http4k Kotlin HTTP application library is related to improper restriction of XML external entity references, allowing attackers to perform XXE attacks.
A vulnerability in the http4k Kotlin HTTP application toolkit is related to improper restriction of XML external entity references. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
CVE-2024-55896 IBM PowerHA SystemMirror for i clickjacking
IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system...
Microsoft GroupMe security vulnerability
Microsoft GroupMe is a confidential group text messaging service from Microsoft USA. Users can group chat and manage text messages via SMS or client on their cell phones. A security vulnerability exists in Microsoft GroupMe that stems from improper restrictions on excessive authentication attempt...
Prototype Pollution
getsetprop is vulnerable to prototype pollution. The vulnerability is due to improper restrictions on `__proto__` or `constructor.prototype` properties, which allows an attacker to manipulate application logic, potentially leading to denial of service, remote code execution...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service (CVE-2024-28760)
Summary: IBM App Connect Enterprise Dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-28760. DESCRIPTION: IBM App Connect Enterprise dashboa...
Local File Inclusion (LFI)
zmarkdown is vulnerable to Local File Inclusion (LFI). The vulnerability is due to improper restrictions on image paths within LaTeX documents. This allowed an attacker to specify a local file path (e.g., /tmp/img.png) in the image markdown syntax, which leads to Local File Inclusion (LFI), resulting i...
CVE-2023-6109 YOP Poll <= 6.5.26 - Race Condition to Vote Manipulation
The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to on...
A vulnerability in the Node.js software platform, related to improper limitation of path names to a restricted directory, allows attackers to gain access to confidential information.
A vulnerability in the Node.js software platform is related to improper limitation of path names to a restricted directory. Exploiting this vulnerability could allow an attacker to gain access to confidential information...
XML Injection
org.apache.ivy:ivy is vulnerable to XML Injection. The vulnerability exists due to improper external DTD XML restrictions. An attacker is able to exploit this vulnerability by parsing a specially crafted XML file, which allows the attacker to access sensitive information, such as passwords or oth...
CVE-2023-33867
Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-21637 Improper Restrictions of Operations within the Bounds of a Memory Buffer in Linux
Memory corruption in Linux while calling system configuration APIs...
Improper Access Control
admidio/admidio is vulnerable to Improper Access Control. The vulnerability exists due to improper restrictions in album locking which allows an attacker to send ecards and view the album data...