94 matches found
CVE-2025-62317
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...
EUVD-2025-209857
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...
CVE-2025-62317
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...
GO-2026-4822 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems in github.com/pinchtab/pinchtab
PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems in github.com/pinchtab/pinchtab...
@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
Summary A sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype, Set.prototype is placed into an array and retrieved, the isGlobal...
CVE-2026-25881 @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype,...
CVE-2026-25881 @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference e.g., Map.prototype,...
Use of Cache Containing Sensitive Information
Overview Umbraco.Forms is an a form creator that's as easy to use. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to aggressive cache headers being set by default when processing uploads with ImageSharp, which can cause intermediary caches or...
MiracleLinux 9 : rpm-4.16.1.3-27.el9_3 (AXSA:2024-7473:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7473:01 advisory. rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls during installation CVE-2021-35938 rpm:...
EUVD-2019-8951
Malware in sbrugna...
kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read The nvmem interface supports variable buffer sizes, while the regmap interface operates with fixed-size storage. If an nvmem client uses a buffer size less than 4 byte...
MAL-2024-12101 Malicious code in ing-feat-business-intermediary-lease-calculator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4ae63e9378c4493de34d242aa3a415d841799fe6e51f503848c1408c8dfe5e44 The OpenSSF Package Analysis project identified 'ing-feat-business-intermediary-lease-calculator' @ 1.1.0 npm as malicious. It is considered...
MikroTik RouterOS Confused Deputy (CVE-2019-3924)
MikroTik RouterOS before 6.43.12 stable and 6.42.12 long-term is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
rpm: checks for unsafe symlinks are not performed for intermediary directories
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...
A remote attacker can supply specially crafted transfer-encoding chunks to Eclipse Jetty that may bypass the authorization checks of an intermediary caching proxy.
In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...