27 matches found
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...
CVE-2026-58419
CVE-2026-58419 affects the Go-Gitea project where the Notification API can leak private issue metadata after access revocation. The Snyk notes describe Information Exposure in multiple internal components of the Gitea web feed/routers, convert, and git modules, with affected code paths in the Not...
CVE-2026-34970
Summary: CVE-2026-34970 affects MantisBT, where versions 2.28.1 and earlier allow a bugnote author to view the Revisions page of a private issue after losing access to that issue. This undermines confidentiality by exposing private issue metadata on the Revisions page. Root cause (as described): ...
Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode
Summary Several API endpoints in authenticated mode have no authentication at all. They respond to completely unauthenticated requests with sensitive data or allow state-changing operations. No account, no session, no API key needed. Verified against the latest version. Discord: sagi03581 Steps t...
PT-2026-24363
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions 3.14.24 through 3.19.3 Description An improper authorization issue was found in GitHub Enterprise Server. A user with read access to a repository and write access to a project could modify issue and pull reque...
CVE-2023-40425
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14, macOS Monterey 12.7.1. An app with root privileges may be able to access private information...
EUVD-2019-4039
Malware in sbrugna...
EUVD-2021-1643
Malware in sbrugna...
EUVD-2008-4668
Malware in sbrugna...
EUVD-2021-6550
Malicious code in bioql PyPI...
CVE-2025-45731
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending...
CVE-2025-7884
CVE-2025-7884 affects Eluktronics Control Center 5.23.51.41, specifically the REG File Handler. The underlying issue is insufficient verification of data authenticity, allowing a local-host attack. Public disclosure exists, and vendor response is noted as lacking. NVD reports a HIGH impact across...
CVE-2022-2146
The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting...
CVE-2019-13267
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After i...
CVE-2024-46547
CVE-2024-46547 affects Wampserver (Romain Bourdon) versions 3.2.3 and 3.2.6. The issue arises from improper access-control validation on the PHP Info Page, allowing unauthorized users to access sensitive information. The documented impact is data leakage. No remediation details are provided in th...
BIT-GITEA-2021-28378
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
CVE-2023-31416 Elastic Cloud on Kubernetes (ECK) secret token configuration issue
Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...
GHSA-G95P-88P4-76CM Cross-site Scripting in Gitea
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations...