CVE-2023-37534 – HCL Leap URI Protocol Whitelist Bypass Vulnerability

April 24, 2025

CVE ID : CVE-2023-37534

Published : April 24, 2025, 5:15 p.m. | 1 hour, 44 minutes ago

Description : Insufficient URI protocol whitelist in HCL Leap
allows script injection through query parameters.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2023-45720 – HCL Leap Directory Information Information Disclosure

Next Article CVE-2025-46538 – Webplanetsoft Inline Text Popup Cross-site Scripting Vulnerability

Highlights

CVE-2025-49136 – Listmonk Environment Variable Information Disclosure

June 9, 2025

CVE ID : CVE-2025-49136

Published : June 9, 2025, 5:15 p.m. | 4 hours, 14 minutes ago

Description : listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-user (super admin) installations, on multi-user installations, this allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Credit Card Sins

Azul significantly cuts down on false positives in Java vulnerability detection with latest update to Azul Intelligence Cloud

The state of strategic portfolio management

Xbox Games Showcase reveals Indiana Jones and the Great Circle to get new DLC this fall

Tony Hawk’s Pro Skater 3 + 4 demo now is available now if you preorder — Michelangelo is coming too

“The full Call of Duty package”: Black Ops 7 has been confirmed during the Xbox Games Showcase, and no, it is not an expansion

Final Fantasy VII Remake and Final Fantasy XVI are FINALLY launching for Xbox consoles — One of which is available right now!

Neobrutalism CSS Button Generator

Neobrutalism CSS Button Generator

How to Become a Node.js Backend Developer

Professor Rita McGrath on Leading in Times of Uncertainty

Microsoft mocks macOS 26 Liquid Design with Windows Aero throwback (Windows Vista)

Microsoft mocks macOS 26 Liquid Design with Windows Aero throwback (Windows Vista)

Hindsite is a fast, lightweight static website generator

Orange Pi 5 Ultra and Max Single Board Computers Running Linux: Introduction

CVE-2023-37534 – HCL Leap URI Protocol Whitelist Bypass Vulnerability

SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords

Microsoft Office Vulnerabilities Let Attackers Execute Remote Code

CVE-2025-45242 – Rhymix File Deletion Vulnerability

Is Blue Prince on Xbox Game Pass?

CVE-2025-27720 – Pixmeo Osirix MD Unencrypted Credential Disclosure

Best Free and Open Source Alternatives to Progress Kemp LoadMaster

CVE-2025-49136 – Listmonk Environment Variable Information Disclosure

CVE-2025-48934 – Deno Deny Env Variable Information Disclosure

CVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

What the State of Pentesting Report 2025 Reveals About Cybersecurity Readiness

CVE-2023-37534 – HCL Leap URI Protocol Whitelist Bypass Vulnerability

Related Posts