
56 matches found

NVD
added 3 days ago | 7 views

CVE-2026-34099

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$_GET['id']."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

CVSS 9.8 | EPSS 0.00459
Exploits 0 | References 2
CVE
added 2026/06/17 5:4 p.m. | 26 views

CVE-2026-9678

Undici (node) vulnerability CVE-2026-9678: in shared-cache mode, the cache interceptor may misclassify responses as cacheable when Cache-Control uses whitespace-padded private/no-cache directives (e.g., private=" authorization" or no-cache="\tauthorization"). The whitespace is preserved by the pa...

CVSS 5.9 | AI score 5.2 | EPSS 0.00374
Exploits 0 | References 2 | Affected Software 1
EUVD
added 2026/04/21 3:20 p.m. | 9 views

EUVD-2026-23903

OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure...

CVSS 5.3 | AI score 5.7 | EPSS 0.00176
Exploits 1 | References 4
Packet Storm News
added 2026/04/03 12:0 a.m. | 5 views

Apple Live Caller ID Privacy Concerns

Apple's oblivious HTTP relay for Live Caller ID Lookup iOS 18+ routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint Yandex, and a Swiss GmbH whose privacy policy names "The Legal Entity to be...

AI score 5.9
Exploits 0
RedhatCVE
added 2026/01/09 11:30 a.m. | 7 views

CVE-2021-27583

In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 5.3 | AI score 7 | EPSS 0.011
Exploits 1 | References 1
NVD
added 2025/12/08 5:16 p.m. | 5 views

CVE-2025-48600

In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | EPSS 0.00097
Exploits 0 | References 1
OSV
added 2025/12/08 5:16 p.m. | 4 views

CVE-2025-48600

In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | AI score 6
Exploits 0 | References 2
CNNVD
added 2025/12/08 12:0 a.m. | 4 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from the American company Google. Google Android suffers from a security vulnerability that stems from a lack of permission checking, which could lead to cross-user information disclosure...

CVSS 5.5 | AI score 6.2 | EPSS 0.00097
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2021-17089

Malware in sbrugna...

CVSS 4.3 | AI score 4.7 | EPSS 0.00835
Exploits 1 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2017-7286

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.01771
Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 13 views

EUVD-2025-25856

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.4 | EPSS 0.00085
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-54955

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.5 | EPSS 0.00088
Exploits 0 | References 2
NVD
added 2025/09/02 11:15 p.m. | 8 views

CVE-2024-49728

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | EPSS 0.00088
Exploits 0 | References 2
OSV
added 2025/09/02 11:15 p.m. | 5 views

CVE-2024-49728

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | AI score 5.7 | EPSS 0.00088
Exploits 0 | References 2
Cvelist
added 2025/09/02 10:11 p.m. | 8 views

CVE-2024-49728

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.00088
Exploits 0 | References 2
NVD
added 2025/08/26 11:15 p.m. | 4 views

CVE-2025-0082

In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 5.5 | EPSS 0.00085
Exploits 0 | References 3
RedhatCVE
added 2025/08/14 6:24 p.m. | 7 views

CVE-2025-22392

Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access...

CVSS 5.9 | AI score 6.7 | EPSS 0.0031
Exploits 0 | References 1
Positive Technologies
added 2025/08/12 12:0 a.m. | 5 views

PT-2025-43484

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-48600. Description: A missing permission check in multiple files may allow information disclosure across users. Exploitation does not require additional execution privileges or user interaction. This could lead to local...

CVSS 5.5 | AI score 5.9 | EPSS 0.00097
Exploits 0 | References 9
RedhatCVE
added 2025/05/23 3:9 a.m. | 6 views

CVE-2023-21321

In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | AI score 5.4 | EPSS 0.00083
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 7:38 p.m. | 10 views

CVE-2021-30153

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. It shouldn't because the...

CVSS 4.3 | AI score 6.7 | EPSS 0.00835
Exploits 1