644 matches found
CVE-2025-6984 Sensitive Information Disclosure Due to Insecure XML Parsing in langchain-ai/langchain
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity XXE attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which...
IBM Sterling B2B Integrator和IBM Sterling File Gateway 安全漏洞
IBM Sterling B2B Integrator and IBM Sterling File Gateway are both products of International Business Machines IBM.IBM Sterling B2B Integrator is a suite of software that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B...
SMA Solar Technology AG Sunny Boy 安全漏洞
SMA Solar Technology AG Sunny Boy is a photovoltaic inverter from SMA Solar Technology AG, Germany. A security vulnerability exists in the SMA Solar Technology AG Sunny Boy that stems from improper access control and could lead to the disclosure of sensitive system information...
WordPress plugin TaxoPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
YugabyteDB 安全漏洞
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB that stems from a diagnostic information transfer over HTTP that could lead to the disclosure of sensitive data...
Cursor 代码问题漏洞
Cursor is an AI code editor open-sourced by Cursor. A code issue vulnerability exists in Cursor versions prior to 1.3 that stems from Mermaid allowing embedded images, which could lead to the disclosure of sensitive information...
Code-Projects Restaurant Order System 安全漏洞
Code-Projects Restaurant Order System is an open source restaurant order system from Code-Projects. A security vulnerability exists in Code-Projects Restaurant Order System version 1.0, which originates from a SQL injection vulnerability in the payment.php file, which may lead to the disclosure o...
IBM Cognos Analytics Mobile 安全漏洞
IBM Cognos Analytics Mobile is an application from International Business Machines IBM, Inc. Integrates reporting, modeling, analytics, dashboards, cases, and event management. A security vulnerability exists in IBM Cognos Analytics Mobile versions 1.1.0 through 1.1.22, which originates from the...
Perplexity AI Web Application 安全漏洞
Perplexity AI Web Application is a big data search engine application utilizing a big language model from Perplexity, Inc. in the United States. A security vulnerability exists in Perplexity AI Web Application GPT-4 version 2.51.0, which stems from mishandling of the token component and could lea...
PT-2025-28738 · Adobe · Substance3D - Stager
Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.1.2 and earlier Description: Substance3D - Stager is affected by an out-of-bounds read issue that may result in the disclosure of sensitive memory. Successful exploitation requires a user to open a specially...
Trellix System Information Reporter 安全漏洞
Trellix System Information Reporter is a system information cell phone tool from Trellix USA. A security vulnerability exists in Trellix System Information Reporter version 1.0.3 and earlier, which stems from a sensitive information disclosure issue...
Path Traversal Vulnerability in Various ABB Products (CNVD-2025-13774)
ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
Cisco Customer Collaboration Platform Information Disclosure Vulnerability
Cisco Customer Collaboration Platform Cisco CCP is a customer collaboration platform from Cisco USA. Cisco Customer Collaboration Platform suffers from an information disclosure vulnerability that stems from the application's inadequate protection of sensitive information, which can be exploited ...
Path transversal vulnerability potentially leading to sensitive information disclosure (CVE-2025-4661)
A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit...
Acronis Cyber Protect 代码问题漏洞
Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Switzerland. Combining backup, anti-malware, network security and endpoint management features such as vulnerability assessment, URL filtering, patch management, etc.... Acronis Cyber Protect...
CVE-2025-2394
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
CVE-2024-21988
StorageGRID formerly StorageGRID Webscale versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation...
CVE-2023-34090
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...
CVE-2023-2360
Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure ACI before build 5.2.0-135...
CVE-2023-22580
Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure...