13 matches found
CVE-2026-5335
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitor to leak sensitive user information...
IBM Concert has an information disclosure vulnerability
IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. An information disclosure vulnerability exists in IBM Concert versions 1.0.0 through 2.1.0, which can be exploited by an attacker to obtain sensitive...
CVE-2025-10258 A time-based SQL Injection vulnerability in Infinera DNA
Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information...
Directory Traversal
Overview: letta is a package to create LLM agents with long-term memory and custom tools. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization in the file upload functionality. An attacker can upload and overwrite files outside the intended directory by providi...
WhosHere Plus. Trilateration vulnerability
WhosHere Plus is a dating app that uses GPS data to recommend users near to each other, based on similar interests. PTP constantly researches the state of privacy and security in apps that use GPS data, because the consequences of poor security and privacy are alarming: Tracking and snooping on a...
CVE-2023-28319
A use-after-free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA-256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...
TotoLink A3100R Security Vulnerability
TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China. TotoLink A3100R versions V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 are vulnerable to an access control error, which could be exploited by attackers to obtain sensitive information via a crafted web request...
ROS-20220516-09
A vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMTPS, IMAPS, POP3S, and LDAPS (openldap only). Exploitation of the vulnerability could allow an attacker acting remotely to reuse the OAUTH2 authenticated connections...
Weak Password Vulnerability in Website Building System of Zaozhuang Intech Information Network Co.
Zaozhuang Intech Information Network Co., Ltd. is a network provider specializing in information construction services for enterprises and institutions, focusing on website production, software development, system integration and other project development. There is a weak password vulnerability i...
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure Exploit
Exploit for hardware platform in category web applications ''' Exploit Title: Login bypass and data leak - Lutron Quantum 2.0 - 3.2.243 firmware Date: 20-03-2018 Exploit Author: David Castro Contact: https://twitter.com/SadFud75 Vendor Homepage: http://www.lutron.com Software Link:...
blkif responses leak backend stack data
ISSUE DESCRIPTION The block interface response structure has some discontiguous fields. Certain backends populate the structure fields of an otherwise uninitialized instance of this structure on their stacks, leaking data through the internal or trailing padding field. IMPACT A malicious...
Google Chrome PDFium Out-of-Bounds Read Vulnerability (CNVD-2016-03790)
Google Chrome is a popular web browser. Google Chrome PDFium suffers from an out-of-bounds read vulnerability, which allows remote attackers to exploit the vulnerability to build malicious web pages that can be parsed by the user and can be used to obtain sensitive information...
Icecast Multiple Vulnerabilities
Binary data 2724.prm...