16 matches found
EUVD-2019-13388
Malware in sbrugna...
EUVD-2024-2826
Malicious code in bioql PyPI...
CVE-2025-53964
GoldenDict 1.5.0 and 1.5.1 have an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...
CVE-2024-31869
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration. The celery provider is the only community provider...
CVE-2004-2575
phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hookadmin.inc.php, (2) hookhome.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message...
Linux Distros Unpatched Vulnerability : CVE-2017-5661
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. T...
CVE-2025-1738
A Password Transmitted over Query String vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity, exposing this sensitive information to a third party...
CVE-2024-47878
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a...
CVE-2024-5133
In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset process, the recovery token is included in the response of the GET /v1/users/me/org endpoint, which...
Mozilla Thunderbird < 132.0.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 132.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-62 advisory. - Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. CVE-2024-11159 Note...
CVE-2022-39168
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422...
CVE-2021-42948
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session IDs...
CVE-2019-10210
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file...
Local file exposure
PMASA-2016-35. Announcement-ID: PMASA-2016-35. Date: 2016-07-12. Summary: Local file exposure. Description: A vulnerability was discovered where a user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. Severity: We consider this vulnerability to be...
Oracle Reports Servlet Parsequery Function Remote Database Credentials Exposure
Nessus was able to exploit a flaw in the Oracle Reports servlet parsequery function, and was able to retrieve the plaintext database credentials for one or more users. A remote attacker can exploit this vulnerability to gain unauthorized database access.
Google Android 4.2 Browser and WebView - 'addJavascriptInterface' Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/android' class MetasploitModule OperatingSystems::Match::ANDROID, :arch = ARCHARMLE, :javascript = true, :rank =...