Path traversal in Bolo Solo up to version 2.6.4 allows authenticated attackers to manipulate file path arguments in the backup import function, potentially accessing or modifying arbitrary files on the affected system. Public exploit code exists for this vulnerability, and the maintainers have not yet released a patch despite early notification. The attack requires valid credentials but can be executed remotely over the network.
Path traversal in Bolo Solo up to version 2.6.4 allows authenticated attackers to manipulate ZIP file extraction operations in the BackupService component, potentially reading or writing arbitrary files on the affected system. Public exploit code is available for this vulnerability, and the vendor has not yet provided a patch despite early notification.
Path traversal in Bolo Solo's importFromMarkdown function allows authenticated attackers to manipulate file paths and access arbitrary files on affected systems. The vulnerability affects Bolo Solo versions up to 2.6.4 and requires valid credentials but no user interaction to exploit. Public exploit code exists for this vulnerability, and no patch is currently available.
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. [CVSS 3.7 LOW]
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. [CVSS 3.7 LOW]
HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0. [CVSS 3.7 LOW]
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream (or Response with a Web Stream body) via reply.send() are impacted. A slow or non-reading client can trigger unbounded buffering when backpressure is ignored, leading to process crashes or severe degradation. This issue has been patched in...
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. [CVSS 3.7 LOW]
A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. [CVSS 3.5 LOW]
IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user. [CVSS 3.3 LOW]
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. [CVSS 3.1 LOW]
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php.
A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. [CVSS 3.1 LOW]
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php.
Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to an authenticated attacker with admin privileges using the shell commands “sour (CVSS 2.3).
Fabric Operating System versions up to 9.2.1 contains a vulnerability that allows attackers to an authenticated attacker with admin privileges using the shell command “grep” t (CVSS 2.3).
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php.
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php.
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php.
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php.
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Api/Rest/Handler/UserInfoHandler.Php.