CVE-2024-40393

Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php...

CVE-2024-4660

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates...

CVE-2024-34057

Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in a denial of service...

CVE-2024-35144

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...

CVE-2024-35427

vmir e8117 was discovered to contain a segmentation violation via the exportfunction function at /src/vmirwasmparser.c...

CVE-2023-23448

Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code...

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence AI assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites...

CVE-2023-41921

A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achievin...

CVE-2023-48039

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gfmpdparsestring mediatools/mpd.c:75...

CVE-2023-33740

Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message...

CVE-2023-33477

In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path...

CVE-2023-27180

GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...

CVE-2023-27132

TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product...

CVE-2023-21404

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data...

CVE-2023-47704

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220...

CVE-2023-3413

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to...

CVE-2022-25516

stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbttfindtable at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...

CVE-2022-34002

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application...

CVE-2022-30286

pyscriptjs aka PyScript Demonstrator in PyScript through 2022-05-04 allows a remote user to read Python source code...

CVE-2022-25514

stbtruetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT at stbtruetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input...