275 matches found
EUVD-2024-42275
Malicious code in bioql PyPI...
EUVD-2023-59876
Malicious code in bioql PyPI...
EUVD-2025-12456
Malicious code in bioql PyPI...
EUVD-2023-58235
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Biography field. An attacker can execute arbitrary JavaScript code in the context of the website...
CVE-2023-53207
In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublkctrlendrecovery, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDENDUSERRECOVERY,...
UBUNTU-CVE-2023-53207
In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublkctrlendrecovery, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDENDUSERRECOVERY,...
CVE-2023-53207 ublk: fail to recover device if queue setup is interrupted
In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublkctrlendrecovery, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDENDUSERRECOVERY,...
CVE-2023-53207 ublk: fail to recover device if queue setup is interrupted
In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublkctrlendrecovery, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDENDUSERRECOVERY,...
TraceLens: Question-Driven Debugging for Taint Flow Understanding
Taint analysis is a security analysis technique used to track the flow of potentially dangerous data through an application and its dependent libraries. Investigating why certain unexpected flows appear and why expected flows are missing is an important sensemaking process during end-user taint...
PT-2025-112: Stored XSS in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to inject arbitrary HTML tags and JavaScript into web pages, resulting in execution of malicious code in the victim’s browser. Vulnerability status: Confirmed by vendor Date of...
CVE-2024-52885
CVE-2024-52885 affects the Mobile Access Portal File Share component (Check Point Mobile Access). A directory traversal flaw allows an authenticated user (authorized to at least one File Share app) to enumerate file names in directories accessible to the nobody user on the Mobile Access gateway. ...
Security update 5.1.0 GM for Multi-Linux Manager Client Tools
This update fixes the following issues: spacecmd: Version update from 5.1.6-0 to 5.1.8-0 with the following key change: Update translation strings uyuni-tools: Version 5.1.14-0: Fix mgradm backup create handling of images and systemd files bsc1244563 migrate existing TLS certificates from 4.3...
The vulnerability of the Siebel CRM End User component of the Oracle Siebel CRM system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Siebel CRM End User component of the Oracle Siebel CRM system is related to insufficient protection of administrative functions. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2025-30758
Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM component: User Interface. Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM End User. Successful attacks ...
CVE-2024-47122
In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device EUD. This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...
CVE-2023-52268
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub...
CVE-2020-15408
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite...
CVE-2013-5798
Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0.0 and 11.1.2.1.0 allows remote attackers to affect integrity via unknown vectors related to End User Self Service...
The Front End User Registration extension for TYPO3 (sr_feuser_register) Remote Code Execution
The srfeuserregister extension through 12.4.8 for TYPO3 allows Remote Code Execution via unsafe deserialization...