#ios

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access.

Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.

When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.

When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

DriverPack Solution CMS version 17.11.108 suffers from a cross site scripting vulnerability.