19 matches found
PT-2026-22205
Name of the Vulnerable Software and Affected Versions: wger versions prior to 2.4. Description: wger is a free, open-source workout and fitness manager. An issue exists where three nutritional values action endpoints bypass user-scoped querysets via a raw ORM call, specifically Model.objects.getpk=p...
EUVD-2025-203204
The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/devs-crm/v1/attendances REST API Endpoint in all versions up to, and including, 1.1.8. This makes it possible for...
EUVD-2019-2958
Malware in sbrugna...
EUVD-2023-0555
Malicious code in bioql PyPI...
EUVD-2022-29642
Malicious code in bioql PyPI...
Apple macOS Sequoia has an unspecified vulnerability (CNVD-2025-18406)
Apple macOS Sequoia is an operating system from the American company Apple. Apple macOS Sequoia suffers from a security vulnerability that stems from an insufficient code signature restriction, which can be exploited by an attacker to gain access to private user data...
CVE-2022-24866
Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could...
CVE-2020-5244
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...
Homepage Security Vulnerability
Homepage is a highly customizable open-source homepage with Docker and service API integration. A security vulnerability exists in Homepage version 0.9.1; it stems from a lack of authentication that leaves the default settings vulnerable to DNS rebinding attacks, which could allow...
Apache James Information Disclosure Vulnerability
Apache James is an open-source SMTP and POP3 mail transfer agent and NNTP news server written entirely in Java by the Apache Foundation. An attacker with local access could use this vulnerability to access private user data in transit...
CVE-2022-45935
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
Apache James server allows an attacker with local access to access private user data in transit
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
CVE-2022-45935
Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components include the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions...
Apache James Information Disclosure Vulnerability
Apache James is an open-source SMTP and POP3 mail transfer agent and NNTP news server written entirely in Java by the Apache Foundation. An attacker with local access could use this vulnerability to access private user data in transit...
Information Disclosure
BuddyPress is vulnerable to information disclosure. Requests to some of the REST API endpoints can allow an unauthenticated remote attacker to obtain private user data...
Authentication flaw
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2...
Hiro: Can view all usernames leaked in https://core.blockstack.org
Hello team, this should be private: hide all usernames of those who registered in blockstack.org. The attacker can get the information of a user: https://core.blockstack.org/v1/subdomains?page=10. I thought it was demo users, but I found my username in the list. This should be private: "demoaccount1.stealthy.id"...
Microsoft Internet Explorer Information Disclosure (MS17-006: CVE-2017-0059)
An information disclosure vulnerability exists in Microsoft Internet Explorer. This vulnerability is due to improper handling of objects in memory. Successful exploitation could result in an out-of-bounds read and access to private user data...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Kibana security update
An update for Red Hat OpenShift Enterprise Kibana images is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...