28034 matches found
IBM DataPower Gateway 安全漏洞
IBM DataPower Gateway is a suite of International Business Machines IBM security and integration platforms designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and...
Cisco Evolved Programmable Network Manager 安全漏洞
Cisco Evolved Programmable Network Manager is a network management solution provided by the American company Cisco. There is a security vulnerability present in Cisco Evolved Programmable Network Manager. This vulnerability stems from improper authorization checks on the REST API endpoints of...
ROS-20260401-73-0022
A vulnerability in the PNG raster graphics library Libpng is related to reading outside of the allowed data buffer boundaries. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data and cause a denial of service...
ROS-20260401-73-0023
A vulnerability in the PNG raster graphics library Libpng is related to reading outside of the allowed data buffer boundaries. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data and cause a denial of service...
ROS-20260401-73-0021
A vulnerability in the PNG raster graphics library Libpng is related to reading outside of the allowed data buffer boundaries. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data and cause a denial of service...
ROS-20260401-73-0019
A vulnerability in the PNG raster graphics library Libpng is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data and cause a denial of service...
CVE-2026-34732
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...
CVE-2026-34732
CVE-2026-34732 concerns WWBN AVideo. Red Hat, OSV, CVE listings confirm that versions up to 26.0 contain a missing authentication/authorization check in the CreatePlugin template’s list.json.php, unlike add.json.php and delete.json.php which require admin rights. This omission creates 21 unauthen...
CVE-2026-34732 AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...
CVE-2026-34732
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...
CVE-2026-34732 AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...
CVE-2026-2328
An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information...
CVE-2026-5128
A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly sensitive Steam account data, including the account username, password, identity secret, and shared secret. In...
USN-8137-1 ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerability
It was discovered that the Ruby URI gem did not properly handle sensitive information when combining URIs. A remote attacker could possibly use this issue to leak authentication credentials...
CVE-2026-1797
The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This makes it possible for unauthenticated attackers to view potentially sensitive information...
CVE-2026-1797 Truebooker - Appointment Booking and Scheduler Plugin <= 1.1.4 - Sensitive Information Exposure via Views Files
The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This makes it possible for unauthenticated attackers to view potentially sensitive information...
CVE-2026-1797
The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This makes it possible for unauthenticated attackers to view potentially sensitive information...
CVE-2026-1797 Truebooker - Appointment Booking and Scheduler Plugin <= 1.1.4 - Sensitive Information Exposure via Views Files
The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This makes it possible for unauthenticated attackers to view potentially sensitive information...
CVE-2026-34036 Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php
Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions 22.0.4 and prior, there is a Local File Inclusion LFI vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting...
CVE-2026-4020
Gravity SMTP for WordPress versions up to 2.1.4 exposes a REST endpoint at /wp-json/gravitysmtp/v1/tests/mock-data whose permission_callback always returns true, allowing unauthenticated access. When the ?page=gravitysmtp-settings parameter is used, register_connector_data() populates internal da...