IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical…

IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL…

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects…

Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API…

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username…

An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on…

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern…

Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin…

Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için…

Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change. Zafiyet ile ilgili Genel Bilgi, Etki…