Venueless' social login functionality contained an unvalidated redirect that could be exploited for phishing using trusted domains.
Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope fore...
Mattermost versions 11.7.x
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent() runs on the raw template string before g...
The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fak...
Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘...
The vulnerability is present in the ‘/addJugador’ endpoint: * The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of ot...
Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-servic...