
28 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-0039

Malware in sbrugna...

CVSS 5.3 · AI score 5.7 · EPSS 0.04325
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2024-2702

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00718
Exploits 0 · References 3

OSV
added 2025/09/26 5:15 p.m. · 3 views

CVE-2025-11031

A flaw has been found in DataTables up to 1.10.13. The affected element is an unknown function of the file /examples/resources/examples.php. This manipulation of the argument src causes path traversal. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVSS 6.9 · AI score 6.6
Exploits 0 · References 7

CNNVD
added 2025/09/26 12:0 a.m. · 2 views

DataTables security vulnerability

DataTables is an open source time plugin for jQuery by SpryMedia Limited. A security vulnerability exists in DataTables version 1.10.13 and earlier, which stems from the incorrect manipulation of the parameter src in the file /examples/resources/examples.php, which could lead to a path traversal...

CVSS 6.9 · AI score 5.3 · EPSS 0.00769
Exploits 1 · References 8

RedhatCVE
added 2025/02/04 11:53 p.m. · 7 views

CVE-2024-13509

The WS Form LITE and PRO plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.2 · AI score 7.4 · EPSS 0.00331
Exploits 0 · References 1

Patchstack
added 2025/01/28 10:38 a.m. · 4 views

WordPress WS Form LITE plugin <= 1.10.13 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Tim Coen in WordPress Plugin WS Form LITE versions <= 1.10.13...

CVSS 7.2 · AI score 5.8 · EPSS 0.00331
Exploits 0 · References 1 · Affected Software 1

OSV
added 2025/01/28 7:15 a.m. · 2 views

CVE-2024-13509

The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 · AI score 6 · EPSS 0.00331
Exploits 0 · References 4

CNNVD
added 2025/01/28 12:0 a.m. · 2 views

WordPress plugin WS Form LITE cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVSS 7.2 · AI score 8.2 · EPSS 0.00331
Exploits 0 · References 4

Github Security Blog
added 2024/09/17 9:30 p.m. · 22 views

@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability

Impact: When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. Patches: This has been fixed in the 1.10.1...

CVSS 6.5 · AI score 6.7 · EPSS 0.00718
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/09/17 8:13 p.m. · 4 views

CVE-2024-45816 Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks...

CVSS 6.5 · AI score 6.8 · EPSS 0.00718
Exploits 0 · References 3

OSV
added 2024/09/17 8:12 p.m. · 2 views

CVE-2024-46976 Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attack...

CVSS 6.5 · AI score 6.8 · EPSS 0.00264
Exploits 0 · References 3

Cvelist
added 2024/09/17 8:12 p.m. · 19 views

CVE-2024-46976 Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attack...

CVSS 6.5 · EPSS 0.00264
Exploits 0 · References 1

CVE
added 2024/09/17 8:12 p.m. · 75 views

CVE-2024-46976

CVE-2024-46976 affects the Backstage framework, specifically the @backstage/plugin-techdocs-backend. The root cause is that attacker-controlled content in the TechDocs storage buckets can inject executable scripts into TechDocs content, which then execute in a victim’s browser when documentation...

CVSS 6.5 · AI score 5.9 · EPSS 0.00264
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/09/17 12:0 a.m. · 4 views

Backstage security vulnerability

Backstage is a Backstage open source application. Backstage is an open platform for building developer portals. A security vulnerability exists in versions prior to Backstage 1.10.13 that stems from the possibility of accessing the contents of an entire storage bucket when using AWS S3 or GCS...

CVSS 6.5 · AI score 6.4 · EPSS 0.00718
Exploits 0 · References 2

Positive Technologies
added 2024/09/16 12:0 a.m. · 2 views

PT-2024-9770 · Unknown · @Backstage/Plugin-Techdocs-Backend

Name of the Vulnerable Software and Affected Versions: @backstage/plugin-techdocs-backend versions prior to 1.10.13 Description: The issue allows an attacker with control of the TechDocs storage buckets to inject executable scripts in the TechDocs content. These scripts will be executed in the...

CVSS 6.5 · AI score 6.2 · EPSS 0.00264
Exploits 0 · References 11

OSV
added 2024/06/15 12:0 a.m. · 15 views

OPENSUSE-SU-2024:10477-1 libbotan-1_10-1-1.10.13-1.1 on GA media

These are all security issues fixed in the libbotan-1_10-1-1.10.13-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 10 · AI score 7.8 · EPSS 0.06677
Exploits 0 · References 7

CNNVD
added 2024/04/15 12:0 a.m. · 3 views

Pydantic security vulnerability

Pydantic is a library in the Pydantic open source. Data validation can be performed using Python type hints. A security vulnerability exists in Pydantic versions prior to 2.4.0, 1.10.13, which stems from a vulnerability that allows remote attackers to cause a denial of service via a crafted email...

CVSS 7.5 · AI score 5.7 · EPSS 0.00949
Exploits 1 · References 5

Positive Technologies
added 2024/04/14 12:0 a.m. · 3 views

PT-2024-5856 · Pypi +5 · Pydantic +5

Name of the Vulnerable Software and Affected Versions: Pydantic versions prior to 2.4.0 Pydantic versions prior to 1.10.13 Description: The issue is related to the use of regular expressions in the Pydantic library, which can lead to a denial of service when exploited by a remote attacker. This c...

CVSS 5.9 · AI score 6.2 · EPSS 0.00949
Exploits 1 · References 32

OSV
added 2020/12/17 9:0 p.m. · 1 view

GHSA-6R3P-FCVM-XH7C SSRF vulnerability in Apache Airflow

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable to SSRF attacks...

CVSS 6.9 · AI score 7.2 · EPSS 0.04325
Exploits 0 · References 6

PyPA
added 2020/12/14 10:15 a.m. · 4 views

PYSEC-2020-262

In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadatabase. The same happened when creating a Connection with a password field...

CVSS 6.5 · AI score 6.9 · EPSS 0.02537
Exploits 0 · References 2 · Affected Software 1