20 matches found
CVE-2026-40999
When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...
PT-2026-48622
Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description When WS-Addressing is used with...
VMware Spring Web Services 代码问题漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the use of...
FreeBSD -- Arbitrary file overwrite via the KTLS receive path
Problem Description: The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous...
GHSA-W22P-4X9F-486V Jenkins GitHub Plugin has an XSS vulnerability
In Jenkins GitHub Plugin versions 1.46.0 and earlier, the JavaScript that validates the "GitHub hook trigger for GITScm polling" feature improperly processes the current job URL. This results in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with Overall/Re...
Jenkins GitHub Plugin has an XSS vulnerability
In Jenkins GitHub Plugin versions 1.46.0 and earlier, the JavaScript that validates the "GitHub hook trigger for GITScm polling" feature improperly processes the current job URL. This results in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with Overall/Re...
CVE-2026-42523
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting XSS vulnerability exploitable by non-anonymous attackers with...
PT-2026-35917
Name of the Vulnerable Software and Affected Versions Jenkins GitHub Plugin versions prior to 1.46.1 Description Improper processing of the current job URL within the JavaScript used to validate the "GitHub hook trigger for GITScm polling" feature allows non-anonymous attackers with Overall/Read...
EUVD-2022-3034
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-12156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle 3.x has XSS in the contact form on the non-respondents page in non-anonymous feedback. CVE-2017-12156 Note that Nessus relies on the presence of the...
SUSE CVE-2017-12156
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
GHSA-7MFW-G8X4-RQ2W Moodle XSS Vulnerability
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
Moodle XSS Vulnerability
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
Moodle cross-site scripting vulnerability (CNVD-2017-27611)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A cross-site scripting vulnerability exists in the contact form on the 'non-respondent...
Design/Logic Flaw
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
CVE-2017-12156
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
UBUNTU-CVE-2017-12156
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
CVE-2017-12156
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...
CVE-2017-12156
CVE-2017-12156 affects Moodle 3.x, with an XSS in the contact form on the non-respondents page of non-anonymous feedback. The vulnerability enables script injection (confidentiality/integrity impact listed as low) with user interaction required and network access. Public details show Fedora advis...
Recently updated links for users with personal spaces link to profile if personal space is not accessible
Users without the global access right for personal space can still see links to personal spaces in the "Recently updated" list on their dashboard. This is a serious security problem for extranets, when one wants to prevent non anonymous external users to see who's using the wiki. Note: this probl...