23 matches found
EUVD-2021-19350
Malware in sbrugna...
EUVD-2021-19349
Malware in sbrugna...
EUVD-2020-26265
Malware in sbrugna...
EUVD-2022-7017
Malicious code in bioql PyPI...
PT-2025-25459
Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified). Description: A medium-severity flaw in Grafana Alerting exposes sensitive DingDing contact point URLs to viewers. This issue may lead to data exposure. Recommendations: Update to a patched version to resol...
CVE-2021-32503
Unauthenticated users can access sensitive web URLs through a GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system...
CVE-2022-39292
Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...
Information disclosure
Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...
CVE-2022-39292 Exposure of sensitive Slack webhook URLs in debug logs and traces
Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...
CVE-2021-32504
Unauthenticated users can access sensitive web URLs through a GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information to launch further attacks on the system...
Hashicorp Terraform Information Disclosure Vulnerability
Hashicorp Terraform is an open source tool from HashiCorp (USA) for provisioning and managing cloud infrastructure. A security vulnerability exists in HashiCorp Terraform Enterprise versions prior to 202108-1, which stems from the fact that HashiCorp Terraform Enterprise prior to...
CVE-2019-9428
In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID:...
Information disclosure
In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID:...
Information Disclosure
Firefox is vulnerable to information disclosure attacks. A remote user could trigger a same-origin policy bypass in the Resource Timing API to view potentially sensitive URLs on the target user's system...
Chaturbate: Leaking Username and Password in the URLs via Virustotal, can lead to account takeover
Hi Dear @chaturbate team. Vulnerability Type: Critical Information Leakage in URLs via Virustotal. Vulnerability Severity: High. Description: During my regular testing, I went to https://www.virustotal.com/%2Fdomain%2Fchaturbate.com After reviewing all URLs more and more, I got 2 Interesting and Critic...
Mixmax: SSRF via webhook
Hi, There exists an SSRF vulnerability with the account webhook feature, allowing an attacker to verify the existence of the EC2 metadata URL and enumerate URLs. POC: 1. Create a webhook at https://app.mixmax.com/dashboard/settings/rules with url http://169.254.169.254/latest/meta-data/. 2...
Hitron Technologies CDE-30364 Denial Of Service
#!/usr/bin/python Description: Hitron Technologies CDE-30364 is a famous ONO Router. Scanning certain sensitive urls t...
CVE-2010-1393
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL...