11 matches found
CVE-2025-62316
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...
EUVD-2025-209856
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...
PT-2026-40957
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...
Malicious code in kmvn-ekjvnbwkhjbewv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b7bdb5dbe3c34fefec0edf3fec374c428af88d2600073a8db94054e7feb101fa Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...
MAL-2024-12223 Malicious code in byterec-models (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a743bef3c7e21e3a83027eb77a9868e7b659f295c96c82ac735bc135b353e597 Collects basic information about the system, most probably a pentest or bug bounty. --- Category: PROBABLYPENTEST - Packages looking like typical pentest...
CVE-2024-4748
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...
CVE-2024-38379
CVE-2024-38379 affects Apache Allura (versions 1.4.0–1.17.0). The vulnerability is a stored XSS in the neighborhood settings, accessible only to neighborhood admins, limiting scope to configurations where admins aren’t fully trusted. Root cause is unfiltered/unsafely handled user data in these se...
CVE-2024-38379 Apache Allura: Stored authenticated XSS
Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users ar...
CVE-2022-40315
A limited SQL injection risk was identified in the "browse list of users" site administration page...
CVE-2021-34395
Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service...
HackerOne: Second-order SOQL injection through email and campaign name parameter in Salesforce lead submission
The HackerOne directory contains profiles of bug bounty and vulnerability disclosure programs that aren't managed on HackerOne. These profiles can be claimed by the organization that manages it. As part of this flow, they will need to enter an email address to confirm that affiliation with the...