Lucene search
K

90 matches found

Positive Technologies
Positive Technologies
added 2024/06/27 12:0 a.m.10 views

PT-2024-24280 · Ibm · Ibm Openbmc

Name of the Vulnerable Software and Affected Versions: IBM OpenBMC versions FW1050.00 through FW1050.10 Description: The BMCWeb HTTPS server component in IBM OpenBMC could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. Recommendations: For versions...

7.5CVSS7AI score0.0055EPSS
Exploits0References3
Veracode
Veracode
added 2024/05/22 6:5 a.m.11 views

Information Disclosure

neos/neos is vulnerable to Information Disclosure. The vulnerability is due to improper access controls allowing the viewing of internal workspaces without authentication. This allows attackers to read sensitive content from internal workspaces without permission...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/06 9:48 a.m.32 views

How to Find and Fix Risky Sharing in Google Drive

Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally...

6.8AI score
Exploits0
Prion
Prion
added 2024/01/29 1:15 p.m.38 views

Design/Logic Flaw

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

5CVSS7.1AI score0.01149EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/01/29 12:20 p.m.31 views

CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

7.5CVSS7AI score0.01149EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/01/29 12:20 p.m.42 views

CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

7.8AI score0.01149EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.10 views

PT-2023-8684 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.2.1 Description: A session rendering issue was addressed with improved session tracking. This issue may cause a user who shares their screen to unintentionally share the incorrect content. The problem is...

6.8CVSS5.1AI score0.00707EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2023/12/06 1:32 a.m.43 views

CVE-2023-42916

A flaw was found in WebKitGTK. Processing malicious web content may cause an out-of-bounds read due to an improper input validation, resulting in sensitive content leaking...

6.8CVSS6.6AI score0.17823EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/03/06 12:0 a.m.10 views

CVE-2022-48364

The undomarkstatusesassensitive method in app/services/approveappealservice.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive...

7AI score0.00685EPSS
Exploits1References4
NVD
NVD
added 2023/01/31 8:15 a.m.20 views

CVE-2022-39061

ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial services...

6.5CVSS6.4AI score0.00708EPSS
Exploits0References1
Prion
Prion
added 2023/01/31 8:15 a.m.13 views

Design/Logic Flaw

ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial services...

6.4CVSS6.4AI score0.00708EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/31 12:0 a.m.9 views

CVE-2022-39061 ChangingTec MegaServiSignAdapter - Out-of-bounds Read

ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial services...

6.5CVSS6.4AI score0.00708EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.5 views

Apple macOS 安全漏洞

Apple macOS is a specialized operating system developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura prior to version 13.2, which stems from a permissions issue where applications may be able to access user-sensitive content...

5.5CVSS5.7AI score0.00191EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2022/09/07 1:0 p.m.17 views

YouTube transparency report shows battle against misinformation

Statistics for YouTube community guidelines enforcement are now available for the period April to June 2022, via Googles Transparency Report. YouTube channels are terminated if they accrue three community guideline strikes in 90 days, have a case of severe abuse predatory behaviour, for example, ...

0.5AI score
Exploits0
Prion
Prion
added 2022/09/06 6:15 p.m.18 views

Input validation

The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...

3.3CVSS5AI score0.01355EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/06 5:19 p.m.7 views

CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read

The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...

4.9CVSS6.1AI score0.01355EPSS
Exploits2References4
Cvelist
Cvelist
added 2022/09/06 5:19 p.m.37 views

CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read

The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...

4.9CVSS5.3AI score0.01355EPSS
Exploits2References4
OSV
OSV
added 2022/05/17 2:57 a.m.7 views

GHSA-V4VJ-49M5-WJHW Plone vulnerable to unauthorized disclosure of site content

Plone versions 3.3 before 4.3.10 and 5.x before 5.0.5 allow remote attackers to obtain information about the ID of sensitive content via unspecified vectors...

6.9CVSS5AI score0.01115EPSS
Exploits0References5
Schneier on Security
Schneier on Security
added 2022/01/21 12:6 p.m.17 views

China’s Olympics App Is Horribly Insecure

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, ha...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2021/01/07 7:12 p.m.280 views

Doppler VDP: Stored XSS in [https://dashboard.doppler.com/workplace/*/logs] pages

Summary: I have found a stored XSS vulnerability in the following config setting page. https://dashboard.doppler.com/workplace//projects/example-project/configs/dev/logs When you invite other users to the workspace, the xss could be used to exploit other users also. Steps To Reproduce: 1 . Visit...

0.5AI score
Exploits0
Rows per page
Query Builder