Browse and filter security vulnerabilities across ecosystems
Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication
Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.
InvenTree Vulnerable to ORM Filter Injection
e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_acc...
Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy
Unauthenticated Craft CMS users can trigger a database backup
Users are able to find users by name even when `enable_names` is off
phpMyFAQ has unauthenticated config backup download via /api/setup/backup
Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs
Dragonfly allows arbitrary file read and write on a peer machine
Dell Wyse Management Suite, versions prior to WMS 5
Dell Wyse Management Suite, versions prior to WMS 5
Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching
RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019
A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker ...
Cleartext Storage of Username and Password in Finrota's Netahsilat
NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure
Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint
Information leak in api
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to...
Showing 1 - 20 of 1,000+ results