SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the sort parameter in the jsonapi/review endpoint. An attacker can access sensitive database information and manipulate query results by sending specially crafted GET requests. Remediation: There is no fixed version for...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the Delete function. An attacker can delete arbitrary files on the server by submitting crafted path traversal sequences in the path parameter. Details: A Directory Traversal attack also known as path traversal ai...
CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...
CVE-2026-20076
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...
CVE-2026-22919
An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data...
CVE-2026-22913
Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...
CVE-2026-22918
An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...
CVE-2026-22913
CVE-2026-22913 is linked to improper handling of a URL parameter that may allow code execution in a user’s browser after login, potentially leading to sensitive data exposure. Public details from NVD and Red Hat/CIRCL/SICK pages describe the vulnerability and impact as confidentiality/data leakag...
CVE-2026-0717
The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...
CVE-2025-67399
An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device, which is open to access...
Pimcore security vulnerabilities
Pimcore is an open-source web content management platform developed by the Austrian company Pimcore. This platform integrates applications such as web content management, e-commerce frameworks, and product information management. Versions of Pimcore prior to 12.3.1 and 11.5.14 contained security...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003538)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003538 advisory. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg...
JetBrains TeamCity Guest Access Detected
JetBrains TeamCity is a continuous integration and build management system that allows guest access if the feature is enabled. If guest login is enabled, an attacker can access the TeamCity server without authentication, potentially leading to unauthorized access to sensitive information and syst...
PT-2026-2994
Name of the Vulnerable Software and Affected Versions: Web Application (affected versions not specified). Description: A flaw exists in a web application where improper handling of a URL parameter could allow attackers to execute code in a user's browser following login. Successful exploitation may...
PT-2026-3074
Name of the Vulnerable Software and Affected Versions: Pimcore versions prior to 12.3.1; Pimcore versions prior to 11.5.14. Description: Pimcore is an Open Source Data & Experience Management Platform. Prior to versions 12.3.1 and 11.5.14, the http error log file stores the $_COOKIE and $_SERVER...