EUVD-2021-25555

Malware in sbrugna...

CVE-2024-1898

Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...

CVE-2025-0921 Information Tampering Vulnerability in Multiple Services of GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, IoTWorX, MC Works64, GENESIS, GENESIS32, and BizViz

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian version...

CVE-2024-1898

Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...

CVE-2024-1898

Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...

CVE-2024-1898

CVE-2024-1898 : Devolutions Server (versions up to 2023.3.14.0) has improper access control in the notification feature, allowing a low-privileged user to change administrator-configured notification settings. The root cause is access control weakness that lets non-admins modify admin-defined con...

Cross-site Scripting in silverpeas

Silverpeas Core 6.3.1 and prior are vulnerable to Cross Site Scripting XSS via the message/notification feature...

GHSA-WGRW-FJ3V-FHC5 Cross-site Scripting in silverpeas

Silverpeas Core 6.3.1 and prior are vulnerable to Cross Site Scripting XSS via the message/notification feature...

CVE-2023-47324

Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting XSS via the message/notification feature...

PT-2023-30416 · Unknown · Silverpeas Core

Name of the Vulnerable Software and Affected Versions: Silverpeas Core version 6.3.1 Description: The notification/messaging feature does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to...

PT-2023-30417 · Unknown · Silverpeas Core

Name of the Vulnerable Software and Affected Versions: Silverpeas Core version 6.3.1 and prior Description: The issue is related to Cross Site Scripting XSS via the message/notification feature. This allows for potential malicious script execution. No information is provided about the estimated...

SUSE CVE-2015-4510

Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash by leveraging improper interaction between shared workers and the IndexedDB implementatio...

SoftPerfect NetWorx 安全漏洞

SoftPerfect NetWorx is a simple and versatile tool from SoftPerfect that helps you monitor Internet connections. A security vulnerability exists in SoftPerfect NetWorx version 7.1.1, which stems from a vulnerability that allows an attacker to execute a malicious binary with potentially elevated...

Cross site scripting

Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model...

CVE-2022-34323

Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model...

Atlassian Jira 8.5.x < 8.18.0 (JRASERVER-72575)

The version of Atlassian Jira installed on the remote host is prior to 8.5.x 8.18.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-72575 advisory. - Information disclosure issue in the comment notification feature - CVE-2021-39120 CVE-2021-39120 Note that Nessus has...

CVE-2021-39119

Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Access Control vulnerability in the issue notification feature. The affected versions are before versi...

Circle with Disney Command Injection Vulnerability

Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A command injection vulnerability exists in the notification feature in Circle with Disney version 2.0.1. The vulnerability can be...

Facebook Will Now Notify You If NSA is Spying on You

Facebook just launched a new notification feature that will alert you if the social network strongly suspects that your account is being hijacked or targeted by hackers working in the interest of a nation-state. The message, which you can see below, recommends users to turn ON "Login Approvals," ...

Shopify: Notification request disclose private information about other myshopify accounts

Hello Attacker, using notification feature in Admin panel, can successfully disclose\enumerate Shopify customers and retrieve their user-id, first+last name and email address. Last part of information is most avluble piece of information, since it can be used to conduct targeted attack on Shopify...