Advanced Vulnerability Scanning for Open Source Software: Detection and Mitigation of Log4j Vulnerabilities
Automated detection of software vulnerabilities remains a critical challenge in software security. Log4j is an industrial-grade Java logging framework listed as one of the top 100 critical open source projects. On Dec. 10, 2021, a severe vulnerability, Log4Shell, was disclosed before being fully...
GLPI security vulnerability
GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
CVE-2025-68147 opensourcepos has a Cross-site Scripting vulnerability
Open Source Point of Sale opensourcepos is a web-based point of sale application written in PHP using the CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting XSS vulnerability exists in the "Return Policy" configuration field. The application doe...
A Comprehensive Study on the Impact of Vulnerable Dependencies on Open-Source Software
Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source libraries, it becomes even more imperative to comprehend and...
PT-2025-47519
Name of the Vulnerable Software and Affected Versions OpenSTAManager versions prior to 2.9.5 Description OpenSTAManager is a management software for technical assistance and invoicing. A SQL Injection flaw exists in the API that allows authenticated users to execute arbitrary SQL queries,...
Bytecode-Centric Detection of Known-To-Be-Vulnerable Dependencies in Java Projects
On average, 71% of the code in typical Java projects comes from open-source software OSS dependencies, making OSS dependencies the dominant component of modern software code bases. This high degree of OSS reliance comes with a considerable security risk of adding known security vulnerabilities to...
ROS-20251020-01
Vulnerability in open source external resource management software Terraform is associated with an incorrect restriction on the path name of a restricted directory. Exploitation of the vulnerability could allow an attacker to download arbitrary files...
CVE-2017-20205
Valve's Source SDK source-sdk-2013's ragdoll model parsing logic contains a stack-based buffer overflow vulnerability. The tokenizer function nexttoken copies characters from an input string into a fixed-size stack buffer without performing bounds checks. When ParseKeyValue processes a collisionpa...
Cross-site Scripting (XSS)
Overview kibana is an open source, Apache-licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper input neutralization in the web page generation in Vega visualizations. An attacker can...
EUVD-2006-5067
Malware in sbrugna...
EUVD-2021-0158
Malware in sbrugna...
EUVD-2021-24185
Malware in sbrugna...
EUVD-2006-2737
Malware in sbrugna...
EUVD-2021-19568
Malware in sbrugna...
EUVD-2021-19454
Malware in sbrugna...
EUVD-2022-7072
Malicious code in bioql PyPI...
EUVD-2024-0635
Malicious code in bioql PyPI...
EUVD-2023-44644
Malicious code in bioql PyPI...
EUVD-2024-41282
Malicious code in bioql PyPI...