11 matches found
CVE-2019-5475
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
CVE-2024-24919 Potentially allowing an attacker to read certai...
CVE-2024-27106
The CVE-2024-27106 entry concerns GE HealthCare EchoPAC products with vulnerable data in transit due to a lack of encryption. Affected component/behavior is data in transit handling, and the underlying root cause is insufficient encryption measures. Reported impact is potential unauthorized acces...
CVE-2024-27106 Vulnerable data in transit in GE HealthCare EchoPAC products
Vulnerable data in transit in GE HealthCare EchoPAC products...
CVE-2024-27106 Vulnerable data in transit in GE HealthCare EchoPAC products
Vulnerable data in transit in GE HealthCare EchoPAC products...
WordPress Social Pug Plugin < 1.33.1 is vulnerable to Sensitive Data Exposure
Software: Social Pug; Type: Plugin; Vulnerable versions: 1.33.1; Fixed in: 1.33.1; OWASP Top 10: A5: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-1526; Patch priority: Low; CVSS severity: Low (5.3); PSID: ac219e9d734d; Credits: Krzysztof Zając (CERT PL); Required...
CVE-2024-0447 ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update
The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibotupdate function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with...
CVE-2022-26866
Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user...
CVE-2021-43780 Server-Side Request Forgery (SSRF) in Redash
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server-Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...
PT-2021-14402 · Helm +1
Name of the Vulnerable Software and Affected Versions: Helm versions 3.0 through 3.5.2 Description: Helm, a tool for managing Charts in Kubernetes, has cases where data loaded from potentially untrusted sources was not properly sanitized. This includes invalid SemVer in the version field of a...
Design/Logic Flaw
In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitted in messages processed by ossec-analysisd, i...