20 matches found
Cisco Secure Workload Access Control Error Vulnerability
Cisco Secure Workload is a software product developed by Cisco Corporation in the United States. It allows users to install software agents on their application workloads. There is an access control vulnerability in Cisco Secure Workload, which stems from insufficient access validation in the...
CVE-2026-33705
Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...
CVE-2026-34162
Product: FastGPT; Vulnerability: Unauthenticated SSRF via the /api/core/app/httpTools/runTool endpoint; Impact: Potential internal API key theft; full server-side HTTP proxy behavior exposes response data; Affected versions: before 4.14.9.5; Fix/mitigation: Upgrade to 4.14.9.5 (patched); CVSSv3.1: 10.0 (CR...
CVE-2008-7274
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password...
EUVD-2025-204032
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...
CVE-2025-47319 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...
CVE-2025-12996
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...
EUVD-2024-37660
Malicious code in bioql PyPI...
CVE-2022-36852
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data...
CVE-2024-23540
The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file...
CVE-2024-23540 HCL BigFix Inventory is vulnerable to path traversal
The HCL BigFix Inventory server is vulnerable to path traversal which enables an attacker to read internal application files from the Inventory server. The BigFix Inventory server does not properly restrict the served static file...
CVE-2024-23540
CVE-2024-23540: The HCL BigFix Inventory server is vulnerable to a path traversal flaw that allows an attacker to read internal application files by exploiting improper restrictions on served static files. The vulnerability is mapped to CVSS 3.1: Network, Low attack complexity, Privileges Requir...
Session fixation
Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments...
CVE-2022-36857
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data...
CVE-2022-36852
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data...
Siemens Siveillance Identity
1. EXECUTIVE SUMMARY: CVSS v3 7.5; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Siemens; Equipment: Siveillance Identity; Vulnerabilities: Exposure of Resource to Wrong Sphere. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an unauthenticated remote...
Tibco Software TIBCO Spotfire Server Security Vulnerability
Tibco Software TIBCO Spotfire Server is a platform from Tibco Software (USA), based on the TIBCO Spotfire suite of data analytics and mining tools, that provides integration, operation, and management for organizations. A security vulnerability exists in TIBCO Spotfire Server that allows a malicious custom...
Apache Struts Incorrect Default Exclude Pattern Vulnerability
Apache Struts is an open source framework for building Java web applications. Apache Struts does not apply correct default exclude patterns when the default settings are used, allowing remote attackers to exploit the vulnerability against the internal application state...
CVE-2008-7274
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password...
CVE-2008-7274
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password...