EUVD-2026-31360
Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em->find(File::class,...
CVE-2026-7886
Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em->find(File::class,...
EUVD-2023-50924
Malicious code in bioql PyPI...
CVE-2024-38524 GWC Home Page communicate version and revision information
GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the...
GeoServer Information Disclosure Vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. An information disclosure vulnerability exists in GeoServer that stems from not hiding potentially sensitive information, which could lead to disclosure of storage...
CVE-2023-46757
The remote PIN module has a vulnerability that causes incorrect information storage locations. Successful exploitation of this vulnerability may affect confidentiality...
CVE-2023-46757
The remote PIN module has a vulnerability that causes incorrect information storage locations. Successful exploitation of this vulnerability may affect confidentiality...
PT-2023-30187 · Huawei · Harmonyos
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a vulnerability in the remote PIN module that causes incorrect information storage locations, potentially affecting confidentiality...
SWC-109 Uninitialized Storage Pointer
Lines of code Vulnerability details Impact Uninitialized local storage variables can point to unexpected storage locations in the contract, which can lead to intentional or unintentional vulnerabilities. Proof of Concept Exploit Vulnerability OrderStatus storage orderStatus; Tools Used github...
SWC-109 Uninitialized Storage Pointer
Lines of code Vulnerability details Impact Uninitialized local storage variables can point to unexpected storage locations in the contract, which can lead to intentional or unintentional vulnerabilities. Proof of Concept OrderStatus storage orderStatus; Tools Used github Recommended Mitigation...
SWC-109 Uninitialized Storage Pointer
Lines of code Vulnerability details Impact Uninitialized storage variables can point to unexpected storage locations. Proof of Concept // Exploitable Vulnerability MemoryPointer callData; Tools Used github Recommended Mitigation Steps // Initialize variable "callData" or set the storage attribute...
Microsoft Windows #MicrosoftWindows .library-ms Information Disclosure Vulnerability
Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as .library-ms files. The .library-ms filetype...
How to Move Replica Metadata
Purpose This article documents the procedure for moving replica metadata between repositories. While moving the replica metadata is not required when changing which repository a replication job uses, moving the metadata will eliminate the need for a lengthy "calculating disk digest" task after th...
User Shell Folders Settings
Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below : - Administrative Tools - AppData - Cache - CD Burning - Cookies - Desktop - Favorites - Fonts - History - Local AppData - My Music - M...
Researchers Find Methods to Kill Persistent 'Evercookie'
The persistent method that security researcher Samy Kamkar introduced last week for storing tracking data on a user’s machine, known as the “Evercookie,” is even more worrisome when used on mobile devices, according to another researcher’s analysis. The Evercookie is a simple method for forcing a...