21 matches found
CVE-2026-42092
titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...
CVE-2026-27793
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Prior to version 3.1.0, the GET /api/v1/user/:id endpoint returns the full settings object for any user, including Pushover, Pushbullet, and Telegram credentials, to any authenticated requester regardless of...
Exploit for CVE-2025-2304
Camaleon CMS 2.9.0 – Authenticated Privilege Escalation Role...
CVE-2023-30146
Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials...
Debian: Security Advisory (DLA-349-1)
The remote host is missing an update for the Debian...
CVE-2022-4346
The All-In-One Security AIOS WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address...
CVE-2022-4346 All In One WP Security & Firewall < 5.1.3 - Configuration Leak
The All-In-One Security AIOS WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address...
Django settings leak in date template filter
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY...
Fedora 23 : python-django-1.8.7-1.fc23 (2015-a8c8f60fbd)
This update fixes CVE-2015-8213: Fixed settings leak possibility in date template filter; more info can be found at https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
SUSE-SU-2016:0044-1 Security update for python-Django
This update fixes the following security issues: - bnc955412, CVE-2015-8213 Possible settings leak in date template filter - bnc937522, CVE-2015-5143 Possible denial-of-service in session store - bnc937523, CVE-2015-5144 Possible Header injection - bnc941587, CVE-2015-5963 Possible...
SUSE-SU-2016:0040-1 Security update for python-Django
This update for python-Django fixes the following issues: - Prevent settings leak in date template filter. bsc955412, CVE-2015-8213...
SUSE-SU-2015:2327-1 Security update for python-Django
This update for python-Django fixes the following issues: - Add 0004-1.6.x-fixed-a-settings-leak-possibility-in-the-date-.patch to prevent settings leak in date template filter bsc955412, CVE-2015-8213...
openSUSE Security Update : python-django (openSUSE-2015-860)
The python-django package was updated to fix the following security issue: - CVE-2015-8213: Fixed a problem to prevent settings leak in date template filter bnc955412. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
openSUSE Security Update : python-Django (openSUSE-2015-862)
The python-Django package was updated to fix the following security issue: - CVE-2015-8213: Fixed a problem to prevent settings leak in date template filter bnc955412. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Debian DLA-349-1 : python-django security update
It was discovered that there was a potential settings leak in date template filter of Django, a web-development framework. If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, e.g. {{ last_updated|date:user_date_format }}, then a malicious...
[SECURITY] [DLA 349-1] python-django security update
Package : python-django Version : 1.2.3-3+squeeze15 CVE ID : CVE-2015-8213 It was discovered that there was a potential settings leak in date template filter of Django, a web-development framework. If an application allows users to specify an unvalidated format for dates and passes this format to...
DLA-349-1 python-django - security update
Bulletin has no description...
eXeem 0.21 - Local Password Disclosure
eXeem 0.21 - Local Password Disclosure / eXeem v0.21 Local Exploit by Kozan Application: eXeem v0.21 Vendor: www.exeem.com Vulnerable Description: eXeem v0.21 discloses passwords for proxy settings to local users. Discovered & Coded by: Kozan Credits to ATmaCA Web : www.netmagister.com Web2:...
GLSA-200402-01 : PHP setting leaks from .htaccess files on virtual hosts
The remote host is affected by the vulnerability described in GLSA-200402-01 (PHP setting leaks from .htaccess files on virtual hosts). If the server configuration 'php.ini' file has 'register_globals = on' and a request is made to one virtual host which has 'php_admin_flag register_globals off' and the...