An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.
July 01, 2023
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
July 01, 2023
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allow an attacker to craft a task token with access to a namespace other than the one specified in the request. C ...
July 01, 2023
pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security...
July 01, 2023
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which lea ...
July 01, 2023
Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.
July 01, 2023
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected l ...
July 01, 2023
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possibl ...
July 01, 2023