106 matches found
EUVD-2020-28863
Malware in sbrugna...
EUVD-2007-0160
Malware in sbrugna...
EUVD-2025-2766
Malicious code in bioql PyPI...
EUVD-2024-32203
Malicious code in bioql PyPI...
EUVD-2023-2338
Malicious code in bioql PyPI...
CVE-2025-59424
LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker...
CVE-2025-9943 Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
4C Strategies Exonaut security vulnerability
4C Strategies Exonaut is a training, exercise and readiness management platform from the Swedish company 4C Strategies. A security vulnerability exists in 4C Strategies Exonaut version 21.6 that stems from an unsalted hash of passwords stored in the database...
CVE-2025-22385
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested...
CVE-2024-21628
PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape...
CVE-2024-55603
Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a custom session handler app/Core/Session/SessionHandler.php, to store the session data in a database...
CVE-2020-26672
Testimonial Rotator WordPress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in the "cite" parameter, the payload will be stored in the database...
CVE-2025-47786
Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In /admin/comment.php, the parameter perpagenum is not validated and is directly...
Session Fixation
Overview Affected versions of this package are vulnerable to Session Fixation when database session storage is enabled - which it is not by default. A user whose session has been deleted via web interface or API can continue to access the session. User sessions that are automatically deleted due ...
CVE-2025-29928 authentik's deletion of sessions did not revoke sessions when using database session storage
authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...
CVE-2024-50861
GestioIP v3.5.7 is affected by a Stored XSS in the ip_mod_dns_key_form.cgi flow. An attacker can inject code into the TSIG Key field, which is stored in the database and triggers XSS when the DNS Key page is viewed, enabling data exfiltration and CSRF. The Red Hat CVE entry and Exploit/packetstor...
CVE-2025-22385
Optimizely Configured Commerce before 5.2.2408 contains an issue where the Commerce B2B application does not require email confirmation for newly created accounts, enabling mass account creation and potential impacts to database storage (and non-requested storefront accounts). Affected version ra...