24 matches found
EUVD-2020-15164
Malware in sbrugna...
EUVD-2017-0146
Malware in sbrugna...
EUVD-2022-1443
Malicious code in bioql PyPI...
EUVD-2022-36954
Malicious code in bioql PyPI...
EUVD-2023-2842
Malicious code in bioql PyPI...
CVE-2025-1112 IBM OpenPages with Watson information disclosure
IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users...
CVE-2020-22402
Cross Site Scripting XSS vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code...
CVE-2025-20231
Affected software: Splunk Enterprise (versions below 9.4.1, 9.3.3, 9.2.5, 9.1.8) and Splunk Secure Gateway app (Splunk Cloud Platform) below 3.8.38 and 3.7.23. Description: a low-privileged user without admin/power roles can perform a search using the permissions of a higher-privileged user, risk...
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi)
Summary: A cross-site scripting (XSS) vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious scripts into certain fields, potentially leading to the execution of arbitrary code or unauthorized access to user-sensitive information. The code does not...
CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new...
Cross site scripting
Cross Site Scripting XSS vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code...
Information disclosure
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3...
CVE-2020-22176
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information...
Improper access control
IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106...
Information disclosure
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server http://ignite.run where it needs to send...