5335 matches found

RedhatCVE
added 2025/02/05 12:57 a.m. | 5 views

CVE-2024-28200

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the...

CVSS 9.8 | AI score 7.3 | EPSS 0.01946
Exploits 0 | References 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 17 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found (Low) CVE-2024-35144

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Web Application Source Code Disclosure Pattern Found Low CVE-2024-35144. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35144 DESCRIPTION: IBM Maximo...

CVSS 5.3 | AI score 6.6 | EPSS 0.00295
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 45 views

Security Bulletin: IBM Datapower Operations Dashboard could allow an attacker to map URLs to filesystem locations that are unreachable by any URL CVE-2024-38475

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network implementation Vulnerability Details CVEID:CVE-2024-38475 DESCRIPTION: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to...

CVSS 9.1 | AI score 6.7 | EPSS 0.99957
Exploits 1 | Affected Software 1

Positive Technologies
added 2025/01/28 12:0 a.m. | 4 views

PT-2025-2793 · Autolib Software Systems · Autolib Software Systems Opac

Name of the Vulnerable Software and Affected Versions: AutoLib Software Systems OPAC version 20.10 Description: The issue concerns exposed API keys within the source code. Attackers may use these keys to access the backend API or other sensitive information. Recommendations: For AutoLib Software...

CVSS 7.5 | AI score 7.2 | EPSS 0.00509
Exploits 1 | References 5

OSV
added 2025/01/27 11:15 p.m. | 4 views

CVE-2024-57549

CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request...

CVSS 7.5 | AI score 5.8 | EPSS 0.00606
Exploits 1 | References 2

NVD
added 2025/01/27 11:15 p.m. | 14 views

CVE-2024-57549

CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request...

CVSS 7.5 | EPSS 0.00606
Exploits 1 | References 2

Github Security Blog
added 2025/01/27 11:31 a.m. | 13 views

Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Summary Source code may be stolen during dev when using webpack / rspack builder and you open a malicious web site. Details Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. By using...

CVSS 5.3 | AI score 6.8 | EPSS 0.00325
Exploits 0 | References 4 | Affected Software 2

OSV
added 2025/01/27 11:31 a.m. | 10 views

GHSA-4GF7-FF8X-HQ99 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Summary Source code may be stolen during dev when using webpack / rspack builder and you open a malicious web site. Details Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject in their site and run the script. By using...

CVSS 5.3 | AI score 5.2 | EPSS 0.00325
Exploits 0 | References 4

Github Security Blog
added 2025/01/27 11:31 a.m. | 8 views

Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Summary Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Details While Vite patched the default CORS settings to fix https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6, nuxt uses its own CORS handler by...

CVSS 5.3 | AI score 6.8 | EPSS 0.00529
Exploits 0 | References 8 | Affected Software 1

Vulnrichment
added 2025/01/27 12:0 a.m. | 6 views

CVE-2024-57549

CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request...

AI score 7.5 | EPSS 0.00606
Exploits 1 | References 2

Cvelist
added 2025/01/27 12:0 a.m. | 11 views

CVE-2024-57549

CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request...

EPSS 0.00606
Exploits 1 | References 2

CNNVD
added 2025/01/27 12:0 a.m. | 2 views

CMSimple security vulnerability

CMSimple is a free content management system from CMSimple open source. A security vulnerability exists in CMSimple version 5.16 that originates from allowing a user to read cms source code by manipulating the filename in the file parameter of a GET request...

CVSS 7.5 | AI score 6.8 | EPSS 0.00606
Exploits 1 | References 2

CVE
added 2025/01/27 12:0 a.m. | 72 views

CVE-2024-57549

CMSimple 5.16 is affected by an information-disclosure vulnerability where an attacker can read the CMS source code by manipulating the file parameter in a GET request. The root cause is insufficient restriction of the path in the file parameter, enabling access to restricted files. Impact stated...

CVSS 7.5 | AI score 7 | EPSS 0.00606
Exploits 1 | References 2 | Affected Software 1

OSV
added 2025/01/25 3:15 p.m. | 2 views

CVE-2024-35144

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...

CVSS 5.3 | AI score 5.9 | EPSS 0.00295
Exploits 0 | References 1

NVD
added 2025/01/25 3:15 p.m. | 10 views

CVE-2024-35144

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...

CVSS 5.3 | EPSS 0.00295
Exploits 0 | References 1

Cvelist
added 2025/01/25 2:24 p.m. | 14 views

CVE-2024-35144 IBM Maximo Application Suite information disclosure

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...

CVSS 5.3 | EPSS 0.00295
Exploits 0 | References 1

CVE
added 2025/01/25 2:24 p.m. | 62 views

CVE-2024-35144

The CVE-2024-35144 case affects IBM Maximo Application Suite Monitor Component (versions 8.10, 8.11, 9.0). Description: the Monitor Component stores source code on the web server, creating potential disclosure of sensitive information (CWE-540). Impact is information disclosure that could aid fur...

CVSS 5.3 | AI score 5.4 | EPSS 0.00295
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2025/01/25 2:24 p.m. | 10 views

CVE-2024-35144 IBM Maximo Application Suite information disclosure

IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...

CVSS 5.3 | AI score 5.3 | EPSS 0.00295
Exploits 0 | References 1

Cvelist
added 2025/01/25 12:53 a.m. | 23 views

CVE-2025-24361 Opening a malicious website while running a Nuxt dev server could allow read-only access to code

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...

CVSS 5.3 | EPSS 0.00325
Exploits 0 | References 2

CVE
added 2025/01/25 12:53 a.m. | 46 views

CVE-2025-24361

The CVE-2025-24361 issue affects Nuxt (Vue.js) dev-server workflow: when using webpack (3.0.0–3.15.12) or rspack (3.12.2–3.152) builders, loading a malicious site can trigger source-code exposure. Attacker can use Function::toString on window.webpackChunknuxt_app values to reveal the Nuxt source....

CVSS 5.3 | AI score 5.4 | EPSS 0.00325
Exploits 0 | References 2