21 matches found
EUVD-2024-51476
Malicious code in bioql PyPI...
CVE-2025-2499
Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This...
CVE-2024-13262
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal View Password allows Cross-Site Scripting XSS. This issue affects View Password: from 0.0.0 before 6.0.4...
CVE-2024-13262
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal View Password allows Cross-Site Scripting XSS. This issue affects View Password: from 0.0.0 before 6.0.4...
CVE-2024-13262 View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal View Password allows Cross-Site Scripting XSS. This issue affects View Password: from 0.0.0 before 6.0.4...
CVE-2024-13262 View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal View Password allows Cross-Site Scripting XSS. This issue affects View Password: from 0.0.0 before 6.0.4...
CVE-2024-13262
CVE-2024-13262 affects the Drupal View Password module (pre-6.0.4). The root cause is improper neutralization of input during web page generation, leading to a Cross-Site Scripting (XSS) vulnerability. The issue affects View Password versions from 0.0.0 up to, but not including, 6.0.4. Exploitati...
Drupal Security Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal View Password prior to version 6.0.4, which stems from improper input neutralization during page generation, resulting in a cross-site scripting...
CVE-2024-12196
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission...
CVE-2024-12196
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission...
CVE-2024-12196
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission...
CVE-2024-11670
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions...
CVE-2024-11670
The CVE-2024-11670 issue affects Devolutions Remote Desktop Manager (Windows) versions 2024.2.21 and earlier, due to incorrect authorization in the permission validation component that lets an authenticated user bypass the View Password permission. Documents from Red Hat, Tenable Nessus, CVE list...
PT-2024-17178 · Devolutions · Devolutions Remote Desktop Manager
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2024.2.21 and earlier Description: The issue is related to incorrect authorization in the permission validation component, allowing a malicious authenticated user to bypass the "View Password"...
PT-2024-10738 · Alecto · Alecto Ivm-100
Name of the Vulnerable Software and Affected Versions: Alecto IVM-100 version 2019-11-12 Description: An issue was discovered where a large amount of information is disclosed when attaching to the serial interface at the board level and rebooting the device. This includes the view password and th...
DRUPAL-CONTRIB-2024-026
The View Password module enables you to add a help icon button next to the password input field to toggle the password visibility. The administrative user is allowed to add classes to this icon for styling purposes. The module doesn't validate the content of classes. A malicious user with access ...
Drupal View Password module < 6.0.4 - Administrator+ Cross Site Scripting (XSS) vulnerability
Administrator+ Cross Site Scripting XSS vulnerability discovered by Ide Braakman in WordPress Module View Password versions 6.0.4...
View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026
The View Password module enables you to add a help icon button next to the password input field to toggle the password visibility. The administrative user is allowed to add classes to this icon for styling purposes. The module doesn't validate the content of classes. A malicious user with access ...
CVE-2022-46484
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...
Jenkins Plugin RQM Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could exploit this vulnerability to allow a user with access to t...