23 matches found
EUVD-2026-39445
A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...
CVE-2026-29226
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-29226
CVE-2026-29226 describes a Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz triggered via Content component operations. Affected versions are before 24.09.06. The recommended remediation is to upgrade to version 24.09.06, which fixes the issue. The available connected sources conf...
CVE-2026-29226 Apache OFBiz: Low-Privilege SSRF in Content Component
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
EUVD-2026-30858
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-29207 Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...
CVE-2026-29220 Apache OFBiz: Low-Privilege LFI in Content Component
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-29220
CVE-2026-29220 is a path traversal in Apache OFBiz (affects versions prior to 24.09.06). The root cause is improper limitation of a pathname to a restricted directory, exposing potential unauthorized access to files. The advisory’s impact, per CVSS 3.1, is a low confidentiality and integrity impa...
PT-2026-41846
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
Apache OFBiz Code Issue Vulnerability
Apache OFBiz is an ERP system developed by the Apache Foundation in the United States. This system provides a complete set of Java-based web application components and tools. Versions of Apache OFBiz prior to 24.09.06 contained code vulnerabilities, specifically a server-side request forgery...
EUVD-2020-22918
Malware in sbrugna...
EUVD-2020-22919
Malware in sbrugna...
Cross-Site Scripting
typo3/cms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization of user input in the CSS styled content component, which allows an authenticated user to inject arbitrary HTML or JavaScript...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in the Google Android Content component that stems from a privilege bypass with a possible way to learn the name of a Gmail account on a device...
PT-2022-14494 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13
Description: The issue allows for local information disclosure due to a permissions bypass in Content, potentially revealing the Gmail account name on the device. This can be exploited without additional execution...
Joomla! com_content Component Information Disclosure Vulnerability
Joomla! is an open source content management system (CMS). In Joomla! versions 3.x-3.4.5, the com_content component fails to properly check ACLs. A remote attacker can exploit this vulnerability to obtain sensitive information...
Design/Logic Flaw
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4880...