8 matches found
PT-2026-48380
Name of the Vulnerable Software and Affected Versions: yt-dlp versions prior to 2026.06.09. Description: When using aria2c as an external downloader for fragmented manifest formats like HLS or DASH streams, insufficiently sanitized input allows an attacker to perform arbitrary file writes. This occu...
PT-2026-48379
Name of the Vulnerable Software and Affected Versions: yt-dlp versions prior to 2026.06.09. Description: A flaw allows a remote attacker to write arbitrary OS-shortcut files, such as .desktop, .url, and .webloc, to the user's filesystem. This occurs because the file extension allowlist used to preve...
The vulnerability of Ivanti Connect Secure (previously known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons for Zero Trust Access (nZTA) – tools for authentication and access control – stems from incorrect restrictions on XML links to external objects. This allows attackers to gain unauthorized access to protected information.
The vulnerability in Ivanti Connect Secure (previously Pulse Connect Secure) and Ivanti Policy Secure, as well as the authentication and access control management tools Ivanti Neurons for Zero Trust Access (nZTA), is related to an incorrect restriction on XML links to external objects. Exploiting thi...
CVE-2016-2190
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log...
Information disclosure
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log...
Open edX edx-platform design vulnerability
Open edX edx-platform is a free and open source course management system (CMS) created by Harvard University and the Massachusetts Institute of Technology (Harvard and MIT). The system can be used for MOOCs (Massive Open Online Courses) as well as smaller courses and training modules. Open edX...
Google Chrome PDFium Security Restriction Bypass Vulnerability
Google Chrome is a web browser developed by Google (United States). PDFium is an open source PDF rendering engine. The PDFium used in Google Chrome versions before 47.0.2526.73 contains a security vulnerability. Because the program fails to properly restrict the use of chrome: URL...