27 matches found
CVE-2026-44672
mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...
CVE-2026-44672
CVE-2026-44672 affects mapfish-print, a component of MapFish for templated map printing. The vulnerability exists in the Dynamic table handling for versions 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, allowing an unauthenticated attacker to execute arbitrary code (Remote Code ...
EUVD-2026-32909
mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...
CVE-2026-44672 mapfish-print: Remote Code Injection (RCE) in Dynamic table
mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...
CVE-2026-44672 mapfish-print: Remote Code Injection (RCE) in Dynamic table
mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...
CVE-2026-44672
mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...
tickets SQL注入漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in tables.php—tablename, indexname, and sortby—which were...
Mapfish Print: Remote Code Injection (RCE) in Dynamic table
Impact The attacker can execute arbitrary code without being authenticated Mitigation Upgrade to a patched version please check affected/patched version matrix Credits Bug Bounty of Canton du Jura...
Arbitrary Code Injection
Overview org.mapfish.print:print-lib is a component of MapFish for printing templated cartographic maps. Affected versions of this package are vulnerable to Arbitrary Code Injection via the dynamic table. An attacker can execute arbitrary code by sending specially crafted requests without...
GHSA-Q7M6-WPVF-MVWX Mapfish Print: Remote Code Injection (RCE) in Dynamic table
Impact The attacker can execute arbitrary code without being authenticated Mitigation Upgrade to a patched version please check affected/patched version matrix Credits Bug Bounty of Canton du Jura...
CVE-2026-39837
CVE-2026-39837 is a stored XSS vulnerability in the WikiWorks MediaWiki – Cargo Extension affecting versions before 3.8.7. The issue stems from the improper neutralization of Script-Related HTML tags in a web page, enabling stored cross-site scripting. The connected records do not provide explici...
CVE-2026-39837 Stored XSS through the dynamic table format in Cargo
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39837 Stored XSS through the dynamic table format in Cargo
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
GHSA-6W86-WGWQ-RGQ8 neqo-qpack has iInteger overflow in qpack dynamic table indexing
Summary An unsanitized qpack index can lead to an integer overflow, panicing in debug mode, accessing the wrong or no dynamic table entry in release mode. What does this mean for Firefox? Firefox runs Neqo in release mode. A malicious remote can cause its own QUIC connection to fail to use qpack,...
neqo-qpack has iInteger overflow in qpack dynamic table indexing
Summary An unsanitized qpack index can lead to an integer overflow, panicing in debug mode, accessing the wrong or no dynamic table entry in release mode. What does this mean for Firefox? Firefox runs Neqo in release mode. A malicious remote can cause its own QUIC connection to fail to use qpack,...
EUVD-2025-27091
Malicious code in bioql PyPI...
CVE-2025-10066
A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unittesting/templates/dymanictable.php. Such manipulation of the argument scripts leads to cross site scripting. The...
POS Point of Sale System /dymanic_table.php File Cross-Site Scripting Vulnerability
POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...
CVE-2025-10066
CVE-2025-10066 affects itsourcecode POS Point of Sale System 1.0. The vulnerability is an XSS in an unknown function within /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php caused by improper handling of the scripts argument. This could allow remote attackers to execute...
Online Shopping Portal dymanic_table.php File Cross-Site Scripting Vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from a lack of valid filtering and escaping of user-supplied data in the scripts parameter of file...