17 matches found
EUVD-2005-0299
Malware in sbrugna...
EUVD-2010-5053
Malware in sbrugna...
EUVD-2023-2367
Malicious code in bioql PyPI...
CVE-2025-43227
This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information...
CVE-2022-32896
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. A user may be able to view sensitive user information...
CVE-2024-11602 CORS Vulnerability in feast-dev/feast
A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...
SQL injection vulnerability in the electronic document security management system of Beijing Yisaitong Technology Development Co.
Yisetong electronic document security management system is an electronic document security protection software, the system utilizes the driver layer transparent encryption technology, through the encryption protection of electronic documents, to prevent internal employees from leaking and externa...
CVE-2024-41701
AccuPOS - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor...
CVE-2021-27437
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM versions prior to...
CVE-2011-4190
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this fl...
Design/Logic Flaw
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this fl...
CVE-2011-4190
The CVE-2011-4190 issue concerns kdump’s OpenSSH integration, where host key verification is missing in kdump and mkdumprd prior to 2012-01-20 (SUSE-specific). The root cause is lack of host key verification, enabling a remote attacker controlling a malicious kdump server to impersonate the legit...
Authentication flaw
Adobe Connect versions 9.7.5 and earlier have an exploitable Authentication Bypass vulnerability. Successful exploitation could lead to sensitive information disclosure...
CVE-2015-3177
Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request...
Mandriva Linux Security Advisory : libvirt (MDVSA-2015:115)
Updated libvirt packages fix security vulnerabilities : The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to 1 delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; 2 create arbitrary nodes mknod via the...
Information disclosure
The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem...
CVE-2012-4553
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."...