| Page(s) : 1 ... 393 394 395 396 397 398 399 400 401 402 [403] 404 405 406 407 408 409 410 411 412 413 ... | Result(s) : 299257 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-04-24 | CVE-2024-30113 | cve | Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. |
| 5.3 | 2025-04-24 | CVE-2024-13307 | cve | The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'reales... |
| N/A | 2025-04-24 | CVE-2024-12244 | cve | An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting ... |
| N/A | 2025-04-24 | CVE-2023-45720 | cve | Insufficient default configuration in HCL Leap allows anonymous access to directory information. |
| N/A | 2025-04-24 | CVE-2023-37534 | cve | Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. |
| N/A | 2025-04-24 | CVE-2023-37516 | cve | Missing "no cache" headers in HCL Leap permits user directory information to be cached. |
| N/A | 2025-04-24 | CVE-2022-44760 | cve | Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. |
| N/A | 2025-04-24 | CVE-2022-44759 | cve | Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. |
| 5.3 | 2025-04-24 | CVE-2021-47664 | cve | Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames. |
| 8.1 | 2025-04-24 | CVE-2021-47663 | cve | Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access. |
| 7.5 | 2025-04-24 | CVE-2021-47662 | cve | Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button. |
| N/A | 2025-04-23 | CVE-2025-46400 | cve | In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function. |
| N/A | 2025-04-23 | CVE-2025-46399 | cve | A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function. |
| N/A | 2025-04-23 | CVE-2025-46398 | cve | In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function. |
| N/A | 2025-04-23 | CVE-2025-46397 | cve | In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function. |
| N/A | 2025-04-23 | CVE-2025-46394 | cve | In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. |
| N/A | 2025-04-23 | CVE-2025-46393 | cve | In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). |
| N/A | 2025-04-23 | CVE-2025-46224 | cve | Rejected reason: Not used |
| N/A | 2025-04-23 | CVE-2025-46223 | cve | Rejected reason: Not used |
| N/A | 2025-04-23 | CVE-2025-46222 | cve | Rejected reason: Not used |
| Page(s) : 1 ... 393 394 395 396 397 398 399 400 401 402 [403] 404 405 406 407 408 409 410 411 412 413 ... | Result(s) : 299257 |
