| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| HCL iReflection Third party vulnerable and outdated components issue was detected in the web application |
| React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact depends on the validation done by the application prior to returning the redirect. This does not impact applications using Declarative Mode (<BrowserRouter>). This is patched in versions 7.14.1 and 6.30.4. |
| Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3. |
| An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item.
This issue affects glpi: before 11.0.7. |
| LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted admin-managed secrets through `GET /api/mcp/servers` and `GET /api/mcp/servers/:serverName`. The returned config includes plaintext values for `apiKey.key` and `oauth.client_secret`. This allows viewers of a shared MCP server to exfiltrate the underlying provider credentials. Version 0.8..4 contains a patch. Other remediations include: never returning decrypted admin-managed secrets to non-owners; redacting apiKey.key and oauth.client_secret from all API responses consider returning only boolean presence indicators for secrets, similar to the auth-values route pattern; and, if owners need to edit configs without re-entering secrets, preserving secrets server-side and returning placeholders instead of plaintext. |
| ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Three subcommands were found to have exploitable buffer overflows on response messages. They are: "ipmi-oem dell get-last-post-code - get the last POST code and string describing the error on some Dell servers," "ipmi-oem supermicro extra-firmware-info - get extra firmware info on Supermicro servers," and "ipmi-oem wistron read-proprietary-string - read a proprietary string on Wistron servers." |
| In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3. |
| SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient memory. |
| (*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates. |
| GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7. |
| In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. |
| In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) |
| Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) |
| Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
| Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) |
| Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Critical) |
