10 matches found
EUVD-2026-29781
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...
EUVD-2025-37392
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password...
EUVD-2021-19508
Malware in sbrugna...
EUVD-2023-30084
Malicious code in bioql PyPI...
EUVD-2024-0942
Malicious code in bioql PyPI...
PT-2025-27554 · Sentry · Sentry
Name of the Vulnerable Software and Affected Versions: Sentry versions prior to 25.5.0 Description: The issue allows an attacker with a malicious OAuth application registered with Sentry to take advantage of a race condition and improper handling of authorization code within Sentry, maintaining...
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...
CVE-2022-36074 Authentication headers exposed on by Nextcloud Server
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server...
PT-2021-19887 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 Description: The issue concerns the handling of webauthn tokens in Nextcloud Server. In affected versions, webauth...
Shenzhen Jiya Technology Co., Ltd Jiya APP has information leakage vulnerability
JIYA APP is a cell phone housing search life application that includes new and second-hand housing functions. CAPTCHA Information Leakage: This vulnerability is mainly in the login and password retrieval, the server will return the verification code to the client, thus causing the leakage of...