7 matches found
CVE-2025-63914
An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...
PT-2025-37851
Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7 iPadOS versions prior to 18.7 iOS versions prior to 26 iPadOS versions prior to 26 Description An application may be able to monitor keystrokes without user permission due to improved checks. Recommendations Update t...
Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035
This module enables you to "clone" a content entity, i.e. to create a new content pre-filled with data from another entity of the same type and bundle. The module doesn't properly check the user access to the original entity, allowing users to create a new entity they have permission to create...
Authentication flaw
Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...
CVE-2020-3916
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos...
DRUPAL-CONTRIB-2018-015
This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently associate cacheability metadata in certain situations thereby causing an access bypass vulnerability. This vulnerability is mitigated b...
CVE-2011-3391
IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu...