10 matches found
EUVD-2025-24555
Malicious code in bioql PyPI...
SUSE CVE-2025-8916
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All API modules allows Excessiv...
CVE-2025-8916
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All API modules allows Excessiv...
CVE-2025-8916
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All API modules allows Excessiv...
PT-2025-15761 · Unknown · Ab-Tools Flags Widget
Name of the Vulnerable Software and Affected Versions: ab-tools Flags Widget versions 1.0.0 through 1.0.7 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the Flags Widget. Recommendations: For versions 1.0.0 through 1.0.7, update to a...
PT-2025-7008 · Easybe · Easy Bet
Name of the Vulnerable Software and Affected Versions: Easy Bet versions 1.0.0 through 1.0.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. Recommendations: For versions 1.0.0 throug...
PT-2024-34298 · Elementor · Alley Elementor Widget
Name of the Vulnerable Software and Affected Versions: Alley Elementor Widget versions 1.0.0 through 1.0.7 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means an attacker could potentially inject malicious...
PT-2024-32652 · Google · Google Cse Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Google CSE WordPress plugin versions 1.0.0 through 1.0.7 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example i...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 HTML sanitizer versions 1.0.0 to 1.0.7 and 2.0.0 to 2.1.0, which stems from a parsing issue in the upstream package masterminds/html5...
PT-2022-13941 · WordPress · Postmagthemes Demo Import
Name of the Vulnerable Software and Affected Versions: PostmagThemes Demo Import WordPress plugin versions 1.0.0 through 1.0.7 Description: The issue allows high-privilege users, such as admins, to upload arbitrary files, including PHP files, due to a lack of validation of the imported file. This...