223 matches found
CVE-2025-55748 XWiki Platform's configuration files can be accessed through jsx and sx endpoints
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...
CVE-2025-55748
Affected product : XWiki Platform. Vulnerability : path traversal through the jsx and sx endpoints that allows remote attackers to read configuration files. Root cause : improper access control enabling traversal to read files like WEB-INF/xwiki.cfg. Versions affected : 4.2-milestone-2 through 16...
CVE-2025-55747
CVE-2025-55747 — XWiki Platform Information Disclosure . Affected: XWiki Platform versions 6.1-milestone-2 through 16.10.6. Root cause: configuration files are exposed via the webjars API, enabling remote access to sensitive configuration data. Evidence across connected sources confirms this is a...
PT-2025-35831
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 6.1-milestone-2 through 16.10.6 Description: The XWiki Platform is a generic wiki platform. Affected versions allow access to configuration files through the webjars API. This issue is resolved in version 16.10.7...
PT-2025-35832
Name of the Vulnerable Software and Affected Versions XWiki Platform versions 4.2-milestone-2 through 16.10.6 Description The XWiki Platform is a generic wiki platform. Configuration files are accessible through jsx and sx endpoints. An attacker can access and read configuration files using URLs...
Linux Distros Unpatched Vulnerability : CVE-2022-1190
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a...
Linux Distros Unpatched Vulnerability : CVE-2022-0172
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction fo...
The vulnerability of the Milestone XProtect software installer allows a intruder to disclose protected information.
The vulnerability of the Milestone XProtect video surveillance software installer is related to the lack of data encryption measures. Exploiting this vulnerability could allow a remote attacker to disclose the protected information...
CVE-2019-12431
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control...
PT-2025-17403 · Undefined · Undefined
One year ago, I was hoping to get a CVE Today, it’s real — CVE-2025-43927. 🚀 It might seem small, but for me, it’s so much. Showing up every day got me here. This is just the start. BugBounty CVE bugbountytips...
CVE-2025-1688
Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...
CVE-2025-1688
Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...
CVE-2025-1688 System configuration password reset
Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...
CVE-2025-1688
CVE-2025-1688 affects Milestone XProtect installer behavior where upgrading from older versions using 2024 R1/R2 installers resets the Management Server’s system configuration password. The vulnerability is triggered during upgrade processes and could bypass password protection, potentially impac...
CVE-2025-1688 System configuration password reset
Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. The system configuration password is an additional, optional protection that is enabled on the...
Milestone XProtect 安全漏洞
Milestone XProtect is a video management software from Milestone. A security vulnerability exists in Milestone XProtect versions 2024 R1 through 2024 R2, which originates from resetting the system configuration password during the upgrade process, which could lead to a security configuration...
CVE-2024-43107
Improper Certificate Validation CWE-295 in the Gallagher Milestone Integration Plugin MIP permits unauthenticated messages e.g. alarm events to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior...
CVE-2024-43107
Improper Certificate Validation CWE-295 in the Gallagher Milestone Integration Plugin MIP permits unauthenticated messages e.g. alarm events to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior...
CVE-2024-43107
CVE-2024-43107 concerns the Gallagher Milestone Integration Plugin (MIP). The issue arises from improper certificate validation (CWE-295) in MIP, allowing unauthenticated messages (such as alarm events) to be sent to the plugin. Affected products include Gallagher MIP versions prior to 4.0.32 and...
CVE-2024-43107
Improper Certificate Validation CWE-295 in the Gallagher Milestone Integration Plugin MIP permits unauthenticated messages e.g. alarm events to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior...