11 matches found
CVE-2026-32299
CVE-2026-32299 is linked to a GitHub Advisory for Connect CMS describing an improper authorization vulnerability in the page content retrieval feature. The issue could allow a third party to access contents and attachments of non-public pages due to insufficient authorization checks. Affected sof...
EUVD-2020-23235
Malware in sbrugna...
EUVD-2021-25580
Malware in sbrugna...
CVE-2025-52970
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...
PT-2024-13465 · Decidim · Decidim
Name of the Vulnerable Software and Affected Versions: Decidim versions 0.23.0 through 0.27.4 Decidim versions 0.28.0 before the fix Description: Decidim is a participatory democracy framework. The CSRF authenticity token check is disabled for the questionnaire templates preview, which may allow...
Misskey code issue vulnerability
Misskey is a micro-blogging platform, and a code issue vulnerability exists in Misskey due to a server-side request forgery vulnerability in the software's "upload from URL" and remote attachment handling. This could lead to the disclosure of non-public information on the intranet. No details of...
CVE-2021-39195
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...
MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Information Disclosure Vulnerability
MB CONNECT LINE mymbCONNECT24 is an internal remote maintenance solution for virtual environments from the German company MB CONNECT LINE Mb Connect Line. MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 is vulnerable to an information disclosure. An attacker could use this vulnerability to obtain...
CVE-2020-35568
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the...
Design/Logic Flaw
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the...
LocalTapiola: SQL Injection on /webApp/viivanalle (viestinta.lahitapiola.fi)
Issue The reporter found a blind SQL Injection attack in an application in viestinta.lahitapiola.fi. Fix The issue was investigated and found to be valid. The fix was to remove the application as it was not needed. Reasoning The reported case was valid and within the scope of the bug bounty...