34 matches found
WordPress plugin rtMedia for WordPress, BuddyPress and bbPress security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Yoel Geva information disclosure vulnerability
Yoel Geva is a psychometric and graduation application from Yoel Geva, Inc. An information disclosure vulnerability exists in Yoel Geva version 5.5.4 that originates from exposing sensitive information to unauthorized participants...
SUSE CVE-2023-6868
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...
No access control on critical functions
Lines of code Vulnerability details The contract lacks proper access control on critical functions, allowing unauthorized parties to execute them. Recommendation: Use OpenZeppelin Ownable control for minting/burning, etc. Before: // No access control checks in critical functions function...
CVE-2023-6868
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox 121...
Semrush: IDOR vulnerability reveals additional information
An issue was identified in the Content Outline Builder product. Changing a user ID in a GraphQL request could reveal additional information about users. A subsequent internal review revealed no evidence of exploitation by unauthorized parties...
CVE-2022-33757
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance...
Semrush: Exposure of service tokens to webpack bundle
Service tokens were exposed in a webpack bundle during the build process due to environment variables being accidentally included in the webpack configuration file. A review found no evidence the exposed tokens were used by unauthorized parties...
CVE-2021-39020
IBM Guardium Data Encryption GDE 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855...
Information disclosure
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history...
CVE-2020-27414
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header, MITM or browser history...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in spiral-project/ihatemoney
Description Secure flag is not implemented on the application Proof of Concept https://drive.google.com/file/d/10p4ejCFsLA6LO32nPNTRKqZjlqVHVpUf/view?usp=sharing Impact The secure flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP...
curl: CVE-2021-22923: Metalink download sends credentials
Summary: When compiled --with-libmetalink and used with --metalink and --user curl will use the credentials for any further transfers performed. This includes different hosts and protocols, even ones without transport layer security such as http and ftp. As a result the credentials only intended...
HCL Digital Experience Information Disclosure Vulnerability
HCL Digital Experience is a suite of digital experience platforms, content delivery solutions from HCL India. A security vulnerability exists in HCL Digital Experience version 9.5 which allows exposure of sensitive data to unauthorized parties. No details of the vulnerability are available at thi...
CVE-2020-14255
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations...
IBM WebSphere eXtreme Scale 8.6.1 < 8.6.1.4 (6397682)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.4. It is, therefore, affected by a vulnerability as referenced in the 6397682 advisory. - IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information...