26 matches found
EUVD-2024-3451
Malicious code in bioql PyPI...
CVE-2024-52806
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...
CVE-2024-52806
SimpleSAMLphp SAML2 library is affected by an XXE when loading an untrusted XML document (e.g., SAMLResponse). The issue is tied to parsing XML in the library, and the vulnerability is fixed in versions 4.6.14 and 5.0.0-alpha.18. Affected component: SimpleSAMLphp SAML2; root cause: XXE during XML...
CVE-2024-52806 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...
PT-2024-35456 · Unknown · Simplesamlphp Saml2 Library
Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp SAML2 library versions prior to 4.6.14; SimpleSAMLphp SAML2 library versions prior to 5.0.0-alpha.18. Description: The SimpleSAMLphp SAML2 library is vulnerable to an XML External Entity (XXE) attack when loading untrusted XML...
CVE-2024-53864
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...
CVE-2024-53864 Cross-site Scripting in a field that is used in the Content name pattern in ibexa/admin-ui
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...
Ibexa Admin UI Cross-Site Scripting Vulnerability
Ibexa Admin UI is an open source UI interface for Ibexa. It is dedicated to the Ibexa Admin UI Bundle. A cross-site scripting vulnerability exists in Ibexa Admin UI versions prior to v4.6.14, which stems from a cross-site scripting vulnerability in the content name schema...
PT-2024-35962 · Ibexa · Ibexa Admin Ui Bundle
Name of the Vulnerable Software and Affected Versions: Ibexa Admin UI Bundle versions prior to 4.6.14. Description: A Cross-Site Scripting (XSS) vulnerability has been found in the Content name pattern mechanism of the Ibexa Admin UI Bundle. This issue can be exploited if an attacker has Content edi...
RackN Digital Rebar Security Vulnerability
RackN Digital Rebar is a platform from RackN, Inc. that extends IaC automation with reusable workflows that can be deployed on any platform. A security vulnerability exists in RackN Digital Rebar versions 4.6.14 and earlier, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through...
CVE-2019-10118
Snipe-IT before 4.6.14 has XSS, as demonstrated by logmeta values and the user's last name in the API...
Snipe-IT Cross-Site Scripting Vulnerability
Snipe-IT is an open source IT asset/license management system. A cross-site scripting vulnerability exists in Snipe-IT versions prior to 4.6.14. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
WordPress Multiple Vulnerabilities (Mar 2019) - Windows
WordPress is prone to a cross-site request forgery (CSRF) vulnerability in a comment form which leads to HTML injection and cross-site scripting (XSS) attacks.
WordPress 4.6.x < 4.6.14 Cross-Site Scripting
According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting (XSS) vulnerability due to insufficient input sanitization in comment. Note that the scanner has not tested for these issues but has instead relied only on the application's...
openSUSE Security Update : samba (openSUSE-2018-649)
"Samba was updated to 4.6.14, fixing bugs and security issues: Version update to 4.6.14 (bsc#1093664): + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + Fix memory leak in vfs_ceph; (bso#13424). + winbind: avoid using fstrcpydcname,... in dualinitconnection; (bso#13294). + s3:smb2server...
openSUSE: Security Advisory for samba (openSUSE-SU-2018:1727-1)
The remote host is missing an update for the...