8 matches found
Missing Authorization
Overview: glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, license tracking and software auditing. Affected versions of this package are vulnerable to Missing Authorization in the export process. An attacker can gain access to the structure of forms they are no...
GHSA-33M5-HQP9-97PW Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure
Summary: AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking whether the requesting user has viewAssets or viewPeerAssets permission ...
PT-2026-37441
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...
EUVD-2020-3082
Malware in sbrugna...
EUVD-2020-8899
Malware in sbrugna...
PT-2024-10317 · 1с · Битрикс24 +1
Name of the Vulnerable Software and Affected Versions: 1С-Битрикс: Управление сайтом (affected versions not specified). Description: The issue is related to the UI module of the Битрикс24 business management service and the 1С-Битрикс site management system CMS, which fails to protect the web page...
Design/Logic Flaw
Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."...
New release of MySQL fixes security bugs
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure...