47 matches found
CVE-2025-6967
Execution After Redirect EAR vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking aka JavaScript Hijacking, Authentication Bypass.This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but...
CVE-2025-6967 Authentication Bypass in Sarman Soft's CMS
Execution After Redirect EAR vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking aka JavaScript Hijacking, Authentication Bypass.This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but...
CVE-2025-6967
The CVE-2025-6967 entry concerns an Execution After Redirect (EAR) vulnerability in Sarman Soft CMS. Affected component: the CMS itself; the root cause is EAR that enables JSON Hijacking (JavaScript Hijacking) and Authentication Bypass. Impact as stated includes high confidentiality and integrity...
CVE-2025-6967
Execution After Redirect EAR vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking aka JavaScript Hijacking, Authentication Bypass.This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but...
CVE-2025-6967 Authentication Bypass in Sarman Soft's CMS
Execution After Redirect EAR vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking aka JavaScript Hijacking, Authentication Bypass.This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure but...
Sarman Soft CMS 安全漏洞
Sarman Soft CMS is a content management system developed by the Turkish company Sarman Soft. Versions of Sarman Soft CMS prior to 10022026 contained security vulnerabilities. These vulnerabilities were due to redirection-based execution, which could lead to JSON hijacking and authentication...
EUVD-2016-10498
Malware in sbrugna...
EUVD-2013-2980
Malware in sbrugna...
EUVD-2022-4232
Malicious code in bioql PyPI...
EUVD-2024-49321
Malicious code in bioql PyPI...
EUVD-2024-54373
Malicious code in bioql PyPI...
CVE-2024-8644
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking aka JavaScript Hijacking. This issue affects ValeApp: before v2.0.0...
CVE-2024-11071
Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solutionversions described below which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery CSRF attack, which probabilistically enables JSON Hijacking aka JavaScript...
CVE-2024-11071
Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solutionversions described below which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery CSRF attack, which probabilistically enables JSON Hijacking aka JavaScript...
CVE-2024-11071 Improper Access Control In DestinyECM
Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solutionversions described below which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery CSRF attack, which probabilistically enables JSON Hijacking aka JavaScript...
CVE-2024-11071
CVE-2024-11071 concerns DestinyECM by Cyberdigm. The issue is a Permissive Cross-domain Policy with Untrusted Domains in the local API server, which may allow Cross-Site Request Forgery (CSRF) and probabilistically enable JSON Hijacking via forged pages. The base description notes version differe...
CVE-2024-11071 Improper Access Control In DestinyECM
Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solutionversions described below which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery CSRF attack, which probabilistically enables JSON Hijacking aka JavaScript...
PT-2025-15184 · Unknown · Destinyecm
Name of the Vulnerable Software and Affected Versions: DestinyECM solution affected versions not specified Description: The issue is related to a Permissive Cross-domain Policy with Untrusted Domains vulnerability in the local API server of the DestinyECM solution. This vulnerability may allow...
CVE-2024-8644
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking aka JavaScript Hijacking. This issue affects ValeApp: before v2.0.0...
CVE-2024-8644 Cleartext Storage of Sensitive Information in Oceanic Software's ValeApp
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking aka JavaScript Hijacking. This issue affects ValeApp: before v2.0.0...