Search Vulnerabilities

quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6 - Unauthenticated Information Disclosure via REST API

AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR)

Cillium exposes sensitive information included in the cilium-bugtool debug archive

SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak

Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host

Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access

electerm: Full process.env exposed to renderer via window.pre.env in electerm

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Azure DevOps Information Disclosure Vulnerability

Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods

Admidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member Assignment

PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure

FlowiseAI Flowise Endpoint account.service.ts verify information disclosure

HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified.

HCL BigFix Service Management (SM) is affected by use of a vulnerable component

HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials

HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header

FlowiseAI Flowise API Response account.service.ts login information disclosure