Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope fore...
Mattermost versions 11.7.x
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent() runs on the raw template string before g...
The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fak...
Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘...
The vulnerability is present in the ‘/addJugador’ endpoint: * The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of ot...
Sumary The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi...
Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-servic...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.
