369 matches found
The vulnerability of the Power Automate for Desktop automation platform, related to insufficient protection of operational data, allows attackers to escalate their privileges.
The vulnerability of the Power Automate for Desktop automation platform is related to insufficient protection for operational data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the Booco business automation platform, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to the system and compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Booco business automation platform is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the system and compromise the confidentiality, integrity, and...
The vulnerability of the Service Diagnostics Scripts component of the OracleTeleservice module in the Oracle E-Business Suite automation system allows a perpetrator to disclose protected information.
The vulnerability of the Service Diagnostics Scripts component of the Oracle Teleservice module in the Oracle E-Business Suite system relates to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose protected informatio...
The vulnerability of the umatiGateway firewall interface allows a perpetrator to gain read and edit access to the protected information.
The vulnerability of the umatiGateway firewall interface is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor to gain read access and modify the protected information...
The vulnerability of the Git Utilities module for Drupal CMS systems lies in the insufficient protection of operational data, allowing attackers to gain access to read, modify, or delete data, or execute arbitrary code.
The vulnerability of the Git Utilities module for Drupal CMS systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, or delete data, or execute arbitrary code...
The vulnerability of the platform for managing and monitoring Vynamic View terminals lies in the insufficient protection of operational data, which allows attackers to disclose the protected information.
The vulnerability of the platform for managing and monitoring Vynamic View terminals is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker to disclose the protected information...
The vulnerability of the reNgine software tool for automated web application reconnaissance, related to insufficient protection of operational data, allows a perpetrator to disclose protected information.
The vulnerability of the reNgine software tool for automated web application reconnaissance is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the software for interacting with servers via cURL, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the software for interacting with servers via cURL is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Microprogramming Software in Cisco SIP IP Phones like Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series arises from insufficient protection for operational data, allowing unauthorized access to protected information by attackers.
The vulnerability of the microprogramming software used in Cisco SIP IP phones and Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series lies in the insufficient protection of operational data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected informatio...
The vulnerability of Cisco Meraki network devices’ microprogramming software, related to insufficient protection of operational data, allows attackers to gain unauthorized access to protected information.
The vulnerability of Cisco Meraki network devices’ microprogramming software is related to insufficient protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the FreeIpa server, related to insufficient protection of service data, allows attackers to circumvent existing security restrictions and disclose the protected information.
The vulnerability of the FreeIpa server is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and disclose the protected information...
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the GLPI system for requests, incidents, and inventory management is related to insufficient protection of operational data. Exploiting this vulnerability can allow unauthorized actors to gain unauthorized access to protected information...
The vulnerability of the OpenSearch software package, related to insufficient protection of operational data, allows a intruder to gain unauthorized access to protected information.
Vulnerability of the OpenSearch software package, related to insufficient protection of operational data. Exploiting this vulnerability may allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the ColdFusion software platform, related to insufficient protection of operational data, allows attackers to circumvent security restrictions.
The vulnerability of the ColdFusion software platform is related to insufficient protection for operational data. Exploiting this vulnerability can allow attackers to circumvent security restrictions...
The vulnerability of the Microsoft Outlook for Android client, related to insufficient protection of administrative data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Microsoft Outlook for Android client is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the GLPI system for requests, incidents, and inventory management is related to insufficient protection of operational data. Exploiting this vulnerability can allow unauthorized actors to gain unauthorized access to protected information...
The vulnerability of the FortiSIEM security management system, related to insufficient protection of operational data, allows a attacker to obtain the database password.
The vulnerability of the FortiSIEM security management system is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain database passwords through specially created API requests...
GHSA-FM3H-P9WM-H74H Directus's webhook trigger flows can leak sensitive data
Describe the Bug In Directus, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user...
CVE-2025-30353 Directus's webhook trigger flows can leak sensitive data
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the A...
The vulnerability of the corporate messaging system ROSSAT, related to insufficient protection of operational data, allows a perpetrator to gain unauthorized access to read, modify, or delete data.
The vulnerability of the corporate messaging system ROSSAT is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to read, modify, or delete data by sending a specially crafted GET request...