Lucene search
K

27 matches found

OSV
OSV
added 2025/11/25 10:18 p.m.4 views

JLSEC-2025-301 A flaw was found in tiffcrop, a program distributed by the libtiff package

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff...

6.1CVSS6.1AI score0.00388EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-13298

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package upload functionality was not properly validating the supplied...

7.2CVSS5.9AI score0.01242EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-26408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A limited information disclosure vulnerability exists in Gitlab CE/EE from = 12.2 to =13.5 to =13.6 to = 12.2 to =13.5 to =13.6 to 13.6.2 that allows an attacke...

5.3CVSS5.6AI score0.01018EPSS
Exploits0References2
CVE
CVE
added 2025/03/24 11:29 p.m.348 views

CVE-2025-24513

Technical details for CVE-2025-24513 are not provided in the given documents. Monitor for updates and subsequent disclosures to obtain affected products, root cause, impact, and fixes.

4.8CVSS7.3AI score0.03517EPSS
Exploits0References2
Hacker One
Hacker One
added 2024/05/22 7:54 p.m.29 views

HackerOne: Access Control Vulnerability Enabling Unauthorized Access to Limited Disclosure Reports

The vulnerability allowed an unauthorized user to close a report as a duplicate of another report from a different program or organization. The root cause was an improper access control check that did not account for limited disclosure reports or the original report being in the same organization...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2023/12/11 7:1 p.m.37 views

CVE-2023-49795 MindsDB Server-Side Request Forgery vulnerability

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in file.py. This can lead to limited information disclosure. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issu...

6.5CVSS6.4AI score0.00422EPSS
Exploits0References2
Hacker One
Hacker One
added 2023/10/17 3:26 p.m.32 views

HackerOne: New Search Feature: Search for non-public words in limited disclosure reports

A vulnerability was discovered that allowed an attacker to search for words in limited disclosure vulnerability reports on HackerOne and see if the word existed in the full report, rather than just the limited disclosure portion. This could potentially allow secrets contained within a full report...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2023/07/26 11:18 a.m.64 views

HackerOne: Takeover of hackerone.engineering via Github

The hacker was able to take over the hackerone.engineering domain after a brief misconfiguration window on GitHub. They claimed the domain in their own repository while the DNS records were still pointing towards GitHub. The issue has been resolved and no malware was found on the site during the...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/05/09 10:2 a.m.4 views

libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c

A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure...

6.8CVSS7.3AI score0.00425EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2023/04/10 12:0 a.m.28 views

CVE-2023-1916

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff...

6.1CVSS6.7AI score0.00388EPSS
Exploits1References2
Prion
Prion
added 2022/08/22 5:15 p.m.19 views

Information disclosure

Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure...

1.7CVSS3.7AI score0.00232EPSS
Exploits0References1Affected Software1
Openbugbounty
Openbugbounty
added 2022/07/05 8:55 p.m.15 views

linda-nier.de Cross Site Scripting vulnerability OBB-2729496

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
0day.today
0day.today
added 2021/10/06 12:0 a.m.1081 views

Dahua Authentication Bypass Vulnerability

STX Subject: Update: Dahua Authentication bypass CVE-2021-33044, CVE-2021-33045 Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis 2021 Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole -=Dahua=-...

10CVSS0.3AI score0.99871EPSS
Exploits13
Packet Storm
Packet Storm
added 2021/10/06 12:0 a.m.1035 views

Dahua Authentication Bypass

STX Subject: Update: Dahua Authentication bypass CVE-2021-33044, CVE-2021-33045 Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis 2021 Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole -=Dahua=-...

10CVSS0.3AI score0.99871EPSS
Exploits13
Cvelist
Cvelist
added 2021/06/22 9:25 p.m.27 views

CVE-2021-34395

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service...

3.9CVSS5.6AI score0.00179EPSS
Exploits0References1
Hacker One
Hacker One
added 2021/06/03 3:42 p.m.79 views

h1-ctf: 100K CTF's Writeup

Limited disclosure based on researcher's request. Hello everyone, We are one of the winners of 100k CCC CTF and we would like to congratulate all the other winners of the CTF as well. Here is the link to our write-up https://blog.dexter0us.com/posts/ccc-h1ctf/ hope you guys enjoy reading it and...

7AI score
Exploits0
Debian CVE
Debian CVE
added 2020/09/14 9:44 p.m.19 views

CVE-2020-13298

Removed by vendor...

7.2CVSS6.2AI score0.01242EPSS
Exploits0
Hacker One
Hacker One
added 2020/06/15 10:46 a.m.208 views

Shopify: GraphQL AdminGenerateSessionPayload is leaked to staff with no permission

@hiffley reported the ability to generate app tokens via the adminGenerateSession mutation in Shopify Admin, as a staff member with no permissions. This allowed for accessing a small subset of installed apps that are using this new flow including Shopify Email. Access was limited to the current...

1.9AI score
Exploits0
Hacker One
Hacker One
added 2019/01/01 11:18 a.m.30 views

Starbucks: Bug in GraphQL and API integration leads to limited user address disclosure

A modified GraphQL query to fetch a user's address book entries led to a limited disclosure of user address book entries. The modified query resulted in a backend API request with undefined as a parameter. The response contained address lists of accounts with a username of undefined. We were not...

1AI score
Exploits0
0day.today
0day.today
added 2018/06/01 12:0 a.m.140 views

Quest KACE System Management Appliance 8.0 - Multiple Vulnerabilities

Quest KACE System Management Appliance version 8.0 Build 8.0.318 suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities. Quest KACE System Management Appliance Multiple Vulnerabilities 1. Advisory Information Title: Quest KACE...

0.4AI score0.91931EPSS
Exploits17
Rows per page
Query Builder