56 matches found
EUVD-2025-35186
Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...
Liferay Portal fails to verify messages from the cluster network is trusted
Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...
External Initialization of Trusted Variables or Data Stores
Overview ch.qos.logback:logback-core is a logback-core module. Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the logback.xml configuration file when both the Janino library and Spring Framework are...
Microsoft Purview innovations for your Fabric data: Unify data security and governance for the AI era
The Microsoft Fabric and Purview teams are thrilled to participate in the European Microsoft Fabric Community Conference September 15-18, 2025, in Vienna, Austria. This event is Microsoft’s largest tech conference in Europe, where data professionals gather to connect and share insights on data,...
PT-2025-28537
Name of the Vulnerable Software and Affected Versions Windows BitLocker affected versions not specified Description An issue exists where the acceptance of extraneous untrusted data alongside trusted data allows an unauthorized attacker to bypass a security feature. This exploit requires physical...
CVE-2025-29842
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network...
Secure Transfer Learning: Training Clean Models against Backdoor in (Both) Pre-Trained Encoders and Downstream Datasets
Transfer learning from pre-trained encoders has become essential in modern machine learning, enabling efficient model adaptation across diverse tasks. However, this combination of pre-training and downstream adaptation creates an expanded attack surface, exposing models to sophisticated backdoor...
SUSE CVE-2025-1014
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
EC-CUBE 安全漏洞
EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE that stems from the presence of an Accept External Untrusted Data and Trusted Data vulnerability, where an attacker who gains administrative privileges may be able to install...
CVE-2024-41707
An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data stor...
PT-2024-29527 · Rsa · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions prior to 2024.06 Description: An issue allows authenticated users to achieve HTML content injection. A remote authenticated malicious user could exploit this to store malicious HTML code in a trusted application data...
The vulnerability of the Grafana monitoring and observation platform lies in the redirection of the URL address to an unreliable website, allowing a hacker to redirect users to any desired website.
The vulnerability of the Grafana monitoring and observation platform relates to bypassing security configurations, if a malicious data source operates on a permitted host. Exploiting this vulnerability could allow a remote attacker to redirect users to an arbitrary website...
CVE-2024-26313
Archer Platform 6.x before 6.14 P2 HF2 6.14.0.2.2 contains a stored cross-site scripting XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data...
CVE-2023-48642
Archer Platform 6.x before 6.13 P2 6.13.0.2 contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through...
PT-2023-30867 · Rsa · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions 6.x through 6.13 P2 6.13.0.2 Description: The issue allows a remote authenticated malicious Archer user to store malicious HTML code in a trusted application data store. When victim users access the data store through...
Acceptance of Extraneous Untrusted Data With Trusted Data
Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data through the processing of shortcodes in user-generated content. An attacker can manipulate...
Archer Platform 跨站脚本漏洞
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions prior to 6.12.0.6.1, which stems from the presence of a stored cross-site scripting XSS vulnerability that could allow an authenticated, remote attacker to...
SUSE CVE-2018-5709
An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. There is a variable "dbentry-nkeydata" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect...
PT-2022-26930 · WordPress · Wordpress Popular Posts
Name of the Vulnerable Software and Affected Versions: WordPress Popular Posts versions 6.0.5 and earlier Description: The issue allows external initialization of trusted variables or data stores, enabling the acceptance of untrusted external inputs to update internal variables. This can lead to...
CVE-2022-33935
Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data stor...