37 matches found
File Inclusion node-tar Dependency in Jira Software Data Center
This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...
CVE-2022-0911
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0...
CVE-2022-0704
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0...
CVE-2022-0705
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0...
EUVD-2019-13781
Malware in sbrugna...
EUVD-2022-1448
Malicious code in bioql PyPI...
EUVD-2022-1422
Malicious code in bioql PyPI...
EUVD-2022-1494
Malicious code in bioql PyPI...
EUVD-2022-1586
Malicious code in bioql PyPI...
CVE-2020-11063
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...
TYPO3 10.4.0 < 10.4.50 ELTS / 11.0.0 < 11.5.44 ELTS / 12.0.0 < 12.4.31 / 13.0.0 < 13.4.12 (TYPO3-CORE-SA-2025-016)
The version of TYPO3 installed on the remote host is 10.4.0 prior to 10.4.50 ELTS / 11.0.0 prior to 11.5.44 ELTS / 12.0.0 prior to 12.4.31 / 13.0.0 prior to 13.4.12. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2025-016 advisory. - Administrator-level backend...
PT-2025-17604
Name of the Vulnerable Software and Affected Versions Grafana version 10.4.0 Description The issue concerns improper authorization in the Data Source Proxy API. Recommendations For Grafana version 10.4.0, update to a version that includes the fix for this issue. At the moment, there is no...
PeaZip Security Vulnerability
PeaZip is a free Zip software and Rar extractor from the individual developer Giorgio Tani. A security vulnerability exists in PeaZip version 10.4.0 and earlier, which stems from a Mark-of-the-Web protection mechanism bypass that could lead to the execution of arbitrary code...
CVE-2025-31674
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...
CVE-2022-0894
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0...
CVE-2024-8235
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterface...
BIT-TYPO3-2020-11063
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2...
BIT-TYPO3-2020-26229
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the...
MariaDB 10.4.0 < 10.4.29
The version of MariaDB installed on the remote host is prior to 10.4.29. It is, therefore, affected by a vulnerability as referenced in the 10.4.29 advisory. - MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to...
TYPO3 Password Reset Vulnerability (TYPO3-CORE-SA-2022-008)
TYPO3 is prone to a password reset vulnerability.