Lucene search

8 matches found

Positive Technologies
added 2026/06/10 12:0 a.m. | 14 views

PT-2026-48380

Name of the Vulnerable Software and Affected Versions: yt-dlp versions prior to 2026.06.09

Description: When using aria2c as an external downloader for fragmented manifest formats like HLS or DASH streams, insufficiently sanitized input allows an attacker to perform arbitrary file writes. This occu...

CVSS 9.6 | AI score 6 | EPSS 0.00406
Exploits: 0 | References: 15

Positive Technologies
added 2026/06/10 12:0 a.m. | 15 views

PT-2026-48379

Name of the Vulnerable Software and Affected Versions: yt-dlp versions prior to 2026.06.09

Description: A flaw allows a remote attacker to write arbitrary OS-shortcut files, such as .desktop, .url, and .webloc, to the user's filesystem. This occurs because the file extension allowlist used to preve...

CVSS 9.6 | AI score 6.1 | EPSS 0.00555
Exploits: 1 | References: 18

BDU FSTEC
added 2024/02/14 12:0 a.m. | 5 views

The vulnerability of Ivanti Connect Secure (previously known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons for Zero Trust Access (nZTA) – tools for authentication and access control – stems from incorrect restrictions on XML links to external objects. This allows attackers to gain unauthorized access to protected information.

The vulnerability of Ivanti Connect Secure (previously Pulse Connect Secure) and Ivanti Policy Secure, as well as the authentication and access control management tools Ivanti Neurons for Zero Trust Access (nZTA), is related to an incorrect restriction on XML links to external objects. Exploiting thi...

CVSS 8.3 | AI score 8.1 | EPSS 0.94721
Exploits: 1 | References: 6 | Affected Software: 3

OSV
added 2016/05/22 8:59 p.m. | 6 views

CVE-2016-2190

Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log...

CVSS 5.3 | AI score 5.4
Exploits: 0 | References: 4

UbuntuCve
added 2016/05/22 8:59 p.m. | 21 views

CVE-2016-2190

Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log...

CVSS 5.3 | AI score 6.9 | EPSS 0.01931
Exploits: 0 | References: 2

Prion
added 2016/05/22 8:59 p.m. | 15 views

Information disclosure

Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log...

CVSS 5 | AI score 6.6 | EPSS 0.01931
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2016/03/21 12:0 a.m. | 3 views

Open edX edx-platform design vulnerability

Open edX edx-platform is a free and open source course management system (CMS) created by Harvard University and the Massachusetts Institute of Technology (Harvard and MIT). The system can be used for MOOCs (Massive Open Online Courses) as well as smaller courses and training modules. Open edX...

CVSS 6.5 | AI score 7 | EPSS 0.02047
Exploits: 0 | References: 1

CNVD
added 2015/12/07 12:0 a.m. | 4 views

Google Chrome PDFium Security Restriction Bypass Vulnerability

Google Chrome is a web browser developed by Google (United States). PDFium is an open source PDF rendering engine. A security vulnerability exists in PDFium as used in Google Chrome versions prior to 47.0.2526.73. Because the program fails to properly restrict the use of chrome: URL...

CVSS 4.3 | AI score 9.1 | EPSS 0.02025
Exploits: 0 | References: 1