
71 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-2340

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 6.4 | EPSS 0.00483
Exploits: 1 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-51075

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.3 | EPSS 0.00384
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-41368

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00749
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-24136

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00543
Exploits: 1 | References: 6
RedhatCVE
added 2025/09/11 9:20 a.m. | 10 views

CVE-2025-59014

An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar...

CVSS 5.1 | AI score 6.8 | EPSS 0.0027
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/11 12:0 a.m. | 4 views

PT-2025-37260

Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Orchestrator LXCO affected versions not specified Description: An attacker with access to a device on the local network segment may be able to manipulate the device to create an alternate communication channel. This could allo...

CVSS 8.8 | AI score 5.7 | EPSS 0.00237
Exploits: 0 | References: 4
Positive Technologies
added 2025/09/09 12:0 a.m. | 4 views

PT-2025-36690

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 11.0.0 through 11.5.47 TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17 Description: An uncaught exception within the Bookmark Toolbar component allows administrator-level backend users to...

CVSS 5.1 | AI score 6.3 | EPSS 0.0027
Exploits: 0 | References: 9
Cvelist
added 2025/08/22 12:0 a.m. | 8 views

CVE-2025-52085

An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner a...

EPSS 0.00471
Exploits: 1 | References: 2
NVD
added 2025/08/11 9:15 a.m. | 6 views

CVE-2025-8838

A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be...

CVSS 9.8 | EPSS 0.00543
Exploits: 1 | References: 6
CVE
added 2025/08/11 8:32 a.m. | 21 views

CVE-2025-8838

WinterChenS my-site (Backend Interface) is affected in the preHandle function for /admin/. The flaw arises from manipulating the uri argument, causing improper authentication. Exploitation is described as remote and publicly disclosed, with the real existence of the vulnerability doubted in some ...

CVSS 9.8 | AI score 7.3 | EPSS 0.00543
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2025/08/11 8:32 a.m. | 9 views

CVE-2025-8838 WinterChenS my-site Backend admin preHandle improper authentication

A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be...

CVSS 7.5 | EPSS 0.00543
Exploits: 1 | References: 6
Vulnrichment
added 2025/08/11 8:32 a.m. | 2 views

CVE-2025-8838 WinterChenS my-site Backend admin preHandle improper authentication

A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be...

CVSS 7.5 | AI score 7.3 | EPSS 0.00543
Exploits: 1 | References: 6
Positive Technologies
added 2025/08/11 12:0 a.m. | 3 views

PT-2025-32531 · Winterchens · My-Site

Name of the Vulnerable Software and Affected Versions: WinterChenS my-site affected versions not specified Description: A vulnerability exists in the preHandle function of the /admin/ file within the Backend Interface component. Manipulation of the uri argument results in improper authentication...

CVSS 7.5 | AI score 7.1 | EPSS 0.00543
Exploits: 1 | References: 12
Snyk
added 2025/05/20 11:41 a.m. | 1 views

Cross-site Scripting (XSS)

Overview: clickstorm/cs-seo is a TYPO3 extension that enables important onpage features for search engine optimization (SEO). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to JsonLdEvaluator and StructuredData classes. An attacker can inject malicious scripts or HT...

CVSS 6.5 | AI score 5.3 | EPSS 0.00196
Exploits: 0 | References: 2
OSV
added 2025/01/14 7:55 p.m. | 5 views

CVE-2024-55920 Cross-Site Request Forgery in Dashboard Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 4.3 | AI score 6.5 | EPSS 0.00188
Exploits: 0 | References: 4
Positive Technologies
added 2025/01/14 12:0 a.m. | 3 views

PT-2025-3150 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

CVSS 5.4 | AI score 6.8 | EPSS 0.00183
Exploits: 0 | References: 9
Positive Technologies
added 2025/01/14 12:0 a.m. | 3 views

PT-2025-3144 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

CVSS 4.3 | AI score 6.8 | EPSS 0.00235
Exploits: 0 | References: 12
Positive Technologies
added 2025/01/14 12:0 a.m. | 5 views

PT-2025-3149 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

CVSS 7.5 | AI score 7.5 | EPSS 0.00352
Exploits: 0 | References: 9
Tenable Nessus
added 2024/10/08 12:0 a.m. | 9 views

TYPO3 10.0.0 < 10.4.46 ELTS / 11.0.0 < 11.5.40 / 12.0.0 < 12.4.21 / 13.0.0 < 13.3.1 (TYPO3-CORE-SA-2024-011)

The version of TYPO3 installed on the remote host is prior to 10.0.0 < 10.4.46 ELTS / 11.0.0 < 11.5.40 / 12.0.0 < 12.4.21 / 13.0.0 < 13.3.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-011 advisory. - Due to insufficient input validation, manipulated data saved i...

CVSS 4.9 | AI score 5.6 | EPSS 0.00684
Exploits: 1 | References: 2
Positive Technologies
added 2023/12/18 12:0 a.m. | 3 views

PT-2023-32685 · Aditaas · Aditaas

Name of the Vulnerable Software and Affected Versions: ADiTaaS version 5.1 Description: A vulnerability exists in the ADiTaaS backend API due to improper authentication. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerabl...

CVSS 9.8 | AI score 9.3 | EPSS 0.01219
Exploits: 0 | References: 8