
12 matches found

Snyk
added 2026/03/16 3:30 p.m., 1 view

Insertion of Sensitive Information Into Sent Data

Overview: github.com/mattermost/mattermost-server/app is an open source Slack-alternative in Golang and React. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the WebSocket post deletion event. An attacker can access unrevealed message...

5.3 CVSS, 5.8 AI score, 0.00043 EPSS
Exploits 0, References 3
OSSF Malicious Packages
added 2026/02/18 7:20 p.m., 3 views

Malicious code in ui5-cap-event-app-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 837e841e2b75385a4e7c030237983cfe52f91373ffa3e56859c7055ac0a80f4d The package ui5-cap-event-app-server was found to contain malicious code. Source: ossf-package-analysis...

5.6 AI score
Exploits 0
RedhatCVE
added 2025/12/29 9:5 a.m., 5 views

CVE-2025-15127

A security vulnerability has been detected in FantasticLBP HotelsServer up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be...

7.5 CVSS, 6.8 AI score, 0.00006 EPSS
Exploits 1, References 1
Cvelist
added 2025/12/03 5:0 p.m., 12 views

CVE-2025-20381 SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool

In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol MCP tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions...

5.4 CVSS, 0.00051 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/12/03 12:0 a.m., 3 views

PT-2025-48953

In Splunk MCP Server app versions below 0.2.4, a user with access to the "run splunk query" Model Context Protocol MCP tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions...

5.4 CVSS, 7 AI score, 0.00051 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/05/23 3:52 a.m., 4 views

CVE-2023-33293

An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed application, e.g., myapp.localhost. An attacker can make fetch requests to api-daemon to determine if a given app is installed and read th...

5.3 CVSS, 6.6 AI score, 0.00237 EPSS
Exploits 1, References 1
vulnersOsv
added 2024/11/25 7:39 p.m., 7 views

org.keycloak:keycloak-guides (>=16.0.0 <=16.1.1), org.keycloak:keycloak-guides-maven-plugin (>=16.0.0 <=16.1.1) +3 more potentially affected by CVE-2024-9666 via org.keycloak:keycloak-quarkus-server (>=16.0.0 <=16.1.1)

org.keycloak:keycloak-quarkus-server MAVEN version =16.0.0, =16.0.0, =16.0.0, =16.0.0, =16.0.0, =16.0.0, =16.1.1 Source cves: CVE-2024-9666 Source advisory: OSV:GHSA-JGWC-JH89-RPGQ...

4.7 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0
vulnersOsv
added 2024/11/25 7:39 p.m., 4 views

org.keycloak:keycloak-guides (>=19.0.0 <=19.0.3), org.keycloak:keycloak-guides-maven-plugin (>=19.0.0 <=19.0.3) +3 more potentially affected by CVE-2024-9666 via org.keycloak:keycloak-quarkus-server (>=19.0.0 <=19.0.3)

org.keycloak:keycloak-quarkus-server MAVEN version =19.0.0, =19.0.0, =19.0.0, =19.0.0, =19.0.0, =19.0.0, =19.0.3 Source cves: CVE-2024-9666 Source advisory: OSV:GHSA-JGWC-JH89-RPGQ...

4.7 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0
OSV
added 2021/05/04 5:43 p.m., 15 views

GHSA-58QP-5328-V7MH cumulative-distribution-function Infinite Loop vulnerability

Impact: Apps using this library on improper data may crash or go into an infinite loop. In the case of a nodejs server-app using this library to act on invalid non-numeric data, the nodejs server may crash. This may affect other users of this server and/or require the server to be rebooted for prop...

7.5 CVSS, 7.5 AI score, 0.00661 EPSS
Exploits 1, References 5
OSV
added 2019/12/02 6:16 p.m., 12 views

GHSA-4X6V-RWH4-55JW Pomelo allows external control of critical state data

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious...

5.3 CVSS, 5.2 AI score, 0.00429 EPSS
Exploits 1, References 3
CNVD
added 2016/03/26 12:0 a.m., 2 views

Apple OS X Server App Information Disclosure Vulnerability

Apple OS X Server is a set of Unix-based server operating software from Apple. Time Machine is one of the system backup software components. An information disclosure vulnerability exists in the Time Machine server of the Server App in versions of Apple OS X Server prior to 5.1. Because the progra...

5.3 CVSS, 5.9 AI score, 0.00316 EPSS
Exploits 0, References 1
seebug.org
added 2014/07/01 12:0 a.m., 28 views

McKesson Pathways Homecare 6.5 Weak Username and Password Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3653/info McKesson Pathways Homecare is a client/server application which is used to track patient information, billing information and medical records for home care patients. The administrative username and password are...

7.1 AI score
Exploits 0