179 matches found
UBUNTU-CVE-2024-10240
An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project,...
PT-2024-8870 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.3 through 17.3.7; GitLab EE versions 17.4 through 17.4.4; GitLab EE versions 17.5 through 17.5.2; GitLab CE versions 17.3 through 17.3.7; GitLab CE versions 17.4 through 17.4.4; GitLab CE versions 17.5 through 17.5.2...
Apache Tomcat - information disclosure (CVE-2023-42795)
When recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next...
CVE-2024-30106
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...
CVE-2024-30106 HCL Connections is vulnerable to an information disclosure vulnerability
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entitled to due to the improper handling of request data...
CVE-2024-30118
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data...
MAL-2024-12269 Malicious code in faest (PyPI)
Source: kam193 f66b290465d72fc55bce4fef4200ebea68c430be84cdcbbabec5263958041781 When using this library to do any request, a "validateorigin" function is called L1320 in client.py. This method, located in utils.py, collects all request dat...
Invision Community Security Breach
Invision Community is a software for designing and developing mobile application UI from Invision USA. A security vulnerability exists in Invision Community versions prior to 4.7.16 that stems from the application failing to properly clean up request parameters, which can be exploited by an...
awesome-web-pocs
Awesome Web PoCs
CVE-2024-35196
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, i...
GHSA-97JM-G33H-F46G silverstripe/framework ReadOnly transformation for formfields exploitable
Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted through these form fields are not filtered out from the form session data...
DEBIAN-CVE-2024-26995
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pd_set. Off-by-one errors happen because nr_snk_pdo and nr_src_pdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and it...
CVE-2023-42954
A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests...
CVE-2023-28022
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...
CVE-2023-28022 HCL Connections is vulnerable to sensitive information disclosure
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...
CVE-2023-28022
CVE-2023-28022 affects HCL Connections and is described as an information-disclosure vulnerability caused by improper handling of request data. The NVD entry assigns CVSS v3.1 base score 6.5 (Medium) with Network attack vector, Low attack complexity, Privileges required: Low, User interaction: No...