21 matches found
PT-2026-46802
Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
PT-2026-41879
Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw in the URL validation logic during redirect operations allows an attacker to bypass validation and redirect users to unauthorized URLs. This occurs when Keycloak clients are configure...
EUVD-2026-14764
NVD-CWE-noinfo vulnerability in albfan miraclecast. This issue affects miraclecast: before v1.0...
CVE-2026-4563
MacCMS (up to 2025.1000.4052) contains a vulnerability in the function order_info within application/index/controller/User.php of the Member Order Detail Interface that allows authorization bypass via manipulation of the order_id parameter. A remote attack is possible, and public exploits exist o...
SUSE CVE-2026-23948
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability...
EUVD-2025-197641
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info function of binne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data...
CVE-2019-15514
The Privacy Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers...
CVE-2024-326191
No description is available for this CVE...
CVE-2024-1199
A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument atenid leads to denial of service. The...
git-commit-info vulnerable to Command Injection
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject arguments to the git...
PT-2023-20513 · Unknown · Git-Commit-Info
Name of the Vulnerable Software and Affected Versions: git-commit-info versions prior to 2.0.2 Description: The issue arises from the gitCommitInfo method failing to sanitize its commit parameter, which later flows into a sensitive command execution API. This allows attackers to inject malicious...
Design/Logic Flaw
Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak...
IBAX go-ibax SQL injection vulnerability
IBAX go-ibax is a blockchain system platform from IBAX Corporation. IBAX go-ibax suffers from a SQL injection vulnerability that stems from unknown functionality in the file /api/v2/open/tablesInfo, where manipulation of parameter callbacks leads to SQL injection...
Google Chrome security vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. An incorrect security UI vulnerability exists in Page Info in versions of Google Chrome prior to 88.0.4324.96. An attacker can exploit this vulnerability to spoof t...
komotel.myftp.info Cross Site Scripting vulnerability OBB-1452666
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
bat (=0.18.0), buffett-core (>=0.1.0 <=0.1.1) +73 more potentially affected by CVE-2020-36434 via sys-info (>=0.4.1 <=0.7.0)
sys-info CARGO version =0.4.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.3.0, =0.29.0, =0.20.0, =0.1.0, =0.1.0, =1.3.0, =1.8.0, =0.7.0, =0.7.0, =0.31.2 and more Source cves: CVE-2020-36434 Source advisory: OSV:RUSTSEC-2020-0100...
Security Bulletin: Multiple IBM InfoSphere Information Server components are affected by a vulnerability in IBM Dojo Toolkit (CVE-2014-8917)
Summary: Multiple components of IBM InfoSphere Information Server may be affected by an XSS vulnerability in IBM Dojo Toolkit. Vulnerability Details: CVE-ID: CVE-2014-8917. DESCRIPTION: IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A...
radare2 'libr/core/cmd_info.c' remote denial of service vulnerability
radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in the 'cmd_info' function in the libr/core/cmd_info.c file in radare2 version 1.5.0. A remote attacker can exploit this vulnerability to cause a denial of service (use-after-free) and...
CVE-2014-0778 Progea Movicon SCADA Exposure of Sensitive Information to an Unauthorized Actor
TCPUploader module listens on Port 10651/TCP for incoming connections. Exploitation of this vulnerability could allow a remote unauthenticated user access to release OS version information. While this is a minor vulnerability, it represents a method for further network reconnaissance...
DEBIAN-CVE-2007-4483
Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF)...