1085 matches found
EUVD-2018-21446
Malware in sbrugna...
EUVD-2006-5809
Malware in sbrugna...
EUVD-2006-6106
Malware in sbrugna...
EUVD-2018-13250
Malware in sbrugna...
EUVD-2022-1199
Malicious code in bioql PyPI...
EUVD-2022-5183
Malicious code in bioql PyPI...
EUVD-2022-15965
Malicious code in bioql PyPI...
EUVD-2024-0186
Malicious code in bioql PyPI...
EUVD-2022-3219
Malicious code in bioql PyPI...
EUVD-2022-7366
Malicious code in bioql PyPI...
EUVD-2025-12096
Malicious code in bioql PyPI...
EUVD-2023-41408
Malicious code in bioql PyPI...
EUVD-2025-28235
Malicious code in bioql PyPI...
GHSA-2HM7-R8F3-423H Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet
Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...
CVE-2025-43813
Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...
CVE-2025-43813
Summary (CVE-2025-43813) : Liferay Portal (ComboServlet) is vulnerable to path traversal in affected versions (Portal 7.4.0–7.4.3.107, older unsupported; Liferay DXP 2023.Q3/Q4 series; related 7.4/7.3 GA updates). The flaw allows remote attackers to access arbitrary CSS/JS files and load them rep...
PT-2025-49182
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.66 Description An issue exists in Apache HTTP Server on Windows when AllowEncodedSlashes is enabled and MergeSlashes is disabled. This can allow for Server-Side Request Forgery SSRF, potentially leading...
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: [email protected]" in its release description, is not vulnerable).
...
Linux Distros Unpatched Vulnerability : CVE-2022-3100
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. CVE-2022-3100 Note th...
Linux Distros Unpatched Vulnerability : CVE-2022-24999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto...