19 matches found
CVE-2026-56322
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state. Unauthenticated attacke...
CVE-2026-49397
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services EnableShowInService: false are enumerable via per-server endpoints, leaking name and timing data. This issue has been patched in version...
GHSA-VRMH-5MMX-HJWX Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
Private services EnableShowInService: false are enumerable via per-server endpoints, leaking name and timing data CWE: CWE-285 Improper Authorization via CWE-200 Exposure of Sensitive Information to an Unauthorized Actor and CWE-863 Incorrect Authorization — inconsistent gating across data-reader...
Malicious code in power-platform-playwright-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57967d58233d74f2fc4f9b0dee7c050370eb388050df8d63f29e719f83468d73 On npm install, the package's postinstall script postinstall.js collects host identifiers and CI context — whoami, os.hostname, os.platform, cwd, CI,...
HCL Sametime 安全漏洞
HCL Sametime is a conference solution developed by the Indian company HCL. There is a security vulnerability in HCL Sametime for iOS. This vulnerability stems from the leakage of sensitive information, which may lead to the inclusion of host name information in application logs and certain URLs...
EUVD-2020-27958
Malware in sbrugna...
EUVD-2022-55610
Malicious code in bioql PyPI...
Comodo Dragon 安全漏洞
Comodo Dragon is a web browser from Comodo China. A security vulnerability exists in Comodo Dragon version 134.0.6998.179 and prior versions, which stems from a component IP DNS Leakage Detector that causes sensitive information to be transmitted in clear text...
NETGEAR WN604 安全漏洞
The NETGEAR WN604 is a small wireless router from NETGEAR. An information disclosure vulnerability exists in the NETGEAR WN604. An attacker can use this vulnerability to access the siteSurvey.php page to obtain sensitive information such as the SSID, security type, encryption method, and channel ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel. Attackers have exploited the vulnerability to cause device name leakage...
Design/Logic Flaw
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name when the user has been revision deleted/suppressed...
CVE-2022-41766
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name when the user has been revision deleted/suppressed...
CVE-2022-41766
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name when the user has been revision deleted/suppressed...
CVE-2022-41766
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name when the user has been revision deleted/suppressed...
CVE-2022-41766
MediaWiki contains a vulnerability (CVE-2022-41766) where, during action=rollback, the alreadyrolled message can leak the username of users who have been revision deleted or suppressed. Affected versions are: before 1.35.8; 1.36.x; and 1.37.x before 1.37.5; and 1.38.x before 1.38.3. Remediation p...
CVE-2022-41766
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name when the user has been revision deleted/suppressed...
CVE-2019-13417
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names but not values for fields which are not allowed for the user when field level security FLS is activated...
New Relic: Permissions leaks the full name of other NR accounts - Regression of #267636
One more before I run to dinner... Steps to Reproduce: 1. Add a user to your account 1. Enter "123" as the name and "[email protected]" as the email 1. Make them a "user" base role. 1. Click add user button. 2. Navigate to https://synthetics.newrelic.com/accounts/1523936/permissions 3. Create a...
Multiple Vulnerabilities in CoverCMS V1.16
CoverCMS is a content management system CMS. The system features multi-content distribution, scalability and multi-content type support. CoverCMS V1.16 suffers from reinstallation, information leakage, brute force, stored cross-site scripting and reflected cross-site scripting vulnerabilities...