13 matches found
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
EUVD-2022-7559
Malicious code in bioql PyPI...
Online portal exposed car and personal data, allowed anyone to remotely unlock cars
A carmaker’s online dealership portal has been found leaking the private information and vehicle data of its customers. This also meant that anyone with access could remotely break into a car. Researcher Eaton Zveare shared his discovery with TechCrunch. Although he said he has chosen not to...
XWiki licensor application security vulnerability
XWiki licensor application is an extension for XWiki. A security vulnerability exists in XWiki licensor application. An attacker could use this vulnerability to obtain sensitive information, including the instance ID and the name and email of the license owner...
PT-2024-21295 · Xwiki · Xwiki Application Licensing
Name of the Vulnerable Software and Affected Versions: XWiki Application Licensing versions prior to 1.24.2. Description: The XWiki licensor application includes a public document Licenses.Code.LicenseJSON that exposes sensitive information, including the instance's id, first and last name, and...
Improper Access Control
github.com/peterzen/goresolver is vulnerable to improper access control. The vulnerability exists because the owner name of RRSIG RRs is not validated, which allows an attacker to gain access to other domains...
CVE-2022-3346
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for...
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting; Exploit Author: Mohammed Abdul Raheem; Vendor Homepage: domainmod https://domainmod.org/; Software Link: domainmod https://github.com/domainmod/domainmod; Version: v4.09.03 to v4.11.01; CVE :...
CVE-2018-19749
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field...
CVE-2018-19749
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field...
Information disclosure
The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application...
Bump for Android vulnerable in handling of implicit intents
Overview: Bump for Android is an application that allows users to share information and files. Bump for Android contains a vulnerability in the handling of implicit intents. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...