SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the AddressRepository::getSqlQuery method that constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore...

Dolibarr ERP/CRM SQL注入漏洞

Dolibarr ERP/CRM is a web-based enterprise resource planning ERP and customer relationship management CRM system developed by the Dolibarr Foundation in France. This system can be used to manage products, inventory, invoices, orders, etc. Version 10.0.1 of Dolibarr ERP/CRM has a SQL injection...

EUVD-2025-8631

Malicious code in bioql PyPI...

EUVD-2025-18801

Malicious code in bioql PyPI...

EUVD-2023-53781

Malicious code in bioql PyPI...

EUVD-2025-18802

Malicious code in bioql PyPI...

CVE-2023-49883 IBM Transformation Extender Advanced information disclosure

IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...

CVE-2023-50300 IBM Transformation Extender Advanced improper access control

IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls...

Security Bulletin: IBM Transformation Extender Advanced, also known as Standards Processing Engine, does not have strong passwords by default

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, does not require that users should have strong passwords by default. Vulnerability Details CVEID:CVE-2023-49883 DESCRIPTION: IBM Standards Processing Engine does not require that users should have strong...

Security Bulletin: IBM Transformation Extender Advanced could allow a local user to perform unauthorized actions due to improper access controls.

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, could allow a local user to perform unauthorized actions due to improper access controls. Vulnerability Details CVEID:CVE-2023-50300 DESCRIPTION: IBM Standards Processing Engine could allow a local user t...

Security Bulletin: IBM Transformation Extender Advanced is affected by Angular dependencies

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to multiple Angular.js issues. Please upgrade to a patched version. Vulnerability Details CVEID:CVE-2019-14863 DESCRIPTION: There is a vulnerability in all angular versions before...

CVE-2023-50301 IBM Transformation Extender Advanced information disclosure

IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user...

IBM Transformation Extender Advanced 安全漏洞

IBM Transformation Extender Advanced is a data transformation, validation and standardization tool software from International Business Machines IBM. A security vulnerability exists in IBM Transformation Extender Advanced version 10.0.1, which stems from not requiring users to use strong password...

IBM Transformation Extender Advanced 访问控制错误漏洞

IBM Transformation Extender Advanced is a data transformation, validation and standardization tool software from International Business Machines IBM. An access control error vulnerability exists in IBM Transformation Extender Advanced version 10.0.1 that stems from improper access control and cou...

MAL-2025-47460 Malicious code in circuit-retained (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 71eb6f38e5fe1dce06d13f2ba4d58e8a3addd8b17b529b327d02f34b54472cb5 The OpenSSF Package Analysis project identified 'circuit-retained' @ 10.0.1 npm as malicious. It is considered malicious because: - The package...

Linux Distros Unpatched Vulnerability : CVE-2022-29250

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to...

MAL-2025-41820 Malicious code in openmct-e2e (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 929c26f533affbdfe0c09be2dff86f393cae1b379f25ce110aa61a1a27f473fb The OpenSSF Package Analysis project identified 'openmct-e2e' @ 10.0.1 npm as malicious. It is considered malicious because: - The package...

MAL-2025-41817 Malicious code in contentprocessor_web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b5e5b8bd7f3d15416cf2fc63a4f56e47a746fc01ebf6844fd883d58cd55055dc The OpenSSF Package Analysis project identified 'contentprocessorweb' @ 10.0.1 npm as malicious. It is considered malicious because: - The packa...

MAL-2025-41814 Malicious code in typescript-api-project (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 398036095e479d925d07bcf55655437c9689808b7e019efbbfc071fcd4c459ac The OpenSSF Package Analysis project identified 'typescript-api-project' @ 10.0.1 npm as malicious. It is considered malicious because: - The...

Malicious code in example-subscriptions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 438b8c125fa1b14e319503e011ccb4ee92d7a6fd2c942d5edc6741d8ca3451aa The OpenSSF Package Analysis project identified 'example-subscriptions' @ 10.0.1 npm as malicious. It is considered malicious because: - The...