23 matches found
CVE-2025-34072
A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol MCP Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embeddin...
CVE-2025-34072
CVE-2025-34072 : A data exfiltration vulnerability affects Anthropic’s deprecated Slack Model Context Protocol (MCP) Server. When an AI agent processes untrusted data, attacker-crafted hyperlinks embedded in messages can be revealed by Slack link preview bots (Slack-LinkExpanding, Slackbot, Slack...
Private Data Structure Returned From A Public Method
Overview Affected versions of this package are vulnerable to Private Data Structure Returned From A Public Method. When a user accesses an externally referenced image, the provider of the image may obtain private information about the IP address of that accessing user. Remediation Upgrade...
CVE-2025-29868
Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the ip address of th...
CVE-2025-27600
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intrane...
Medium: edk2
Issue Overview: Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected applicati...
DEBIAN-CVE-2023-5992
A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...
SUSE CVE-2017-5188
The bsworker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information...
SUSE CVE-2018-12366
An invalid grid size during QCMS color profile transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...
USN-4978-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, re-enable camera devices without an additional permission prompt, spoof the browser UI, or execute...
hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA STore Address and STD STore Data sub-operations. These sub-operations allow the processor to hand-off address generation...
UBUNTU-CVE-2018-19565
A buffer over-read in cropmaskedpixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information...
Out-of-bounds
An invalid grid size during QCMS color profile transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...
CVE-2018-12366
An invalid grid size during QCMS color profile transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...
Mozilla: Invalid data handling during QCMS transformations
An invalid grid size during QCMS color profile transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...
SAP NetWeaver AS JAVA 7.5 Information Disclosure
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: information disclosure Sent: 04.12.2015 Reported: 05.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2255990 Author: Vahagn...
SAP NetWeaver AS JAVA 7.5 Cross Site Scripting
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: XSS Sent: 29.09.2015 Reported: 30.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238765 Author: Vahagn Vardanyan ERPScan...
SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.1 – 7.5 Vendor URL: SAP Bugs: Information disclosure Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2255990 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7713)
Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: Mozilla Foundation Security Advisory 2011-30 - MFSA 2011-30 - Miscellaneous memory safety hazards Mozilla developers and community members identified and fixed several memory...
RHEL 4 : seamonkey (RHSA-2011:1167)
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1167 advisory. SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the...