51 matches found
CVE-2022-31735
OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website...
EUVD-2019-16218
Malware in sbrugna...
EUVD-2019-16153
Malware in sbrugna...
EUVD-2023-31497
Malicious code in bioql PyPI...
OpenAM Security Vulnerability
OpenAM is an all-in-one access management solution organized by the OpenAM Consortium. It provides authentication, authorization, delegation and federation capabilities. A security vulnerability exists in OpenAM versions 14.0.0 through 14.0.1, which stems from a tampering request that could resul...
TwistedWeb Security Vulnerability
TwistedWeb is a web server framework from Twisted Open Source. A security vulnerability exists in TwistedWeb version 14.0.0, which stems from improper input cleanup for the file upload feature and could lead to remote code execution...
CVE-2025-48953 Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads
Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere to the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and...
CVE-2025-24012
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 conta...
org.keycloak:keycloak-quarkus-server-app (=14.0.0), org.keycloak:keycloak-quarkus-server-deployment (=14.0.0) potentially affected by CVE-2024-9666 via org.keycloak:keycloak-quarkus-server (=14.0.0)
org.keycloak:keycloak-quarkus-server MAVEN version =14.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.keycloak:keycloak-quarkus-server and may be impacted: - org.keycloak:keycloak-quarkus-server-app =14.0.0 -...
CVE-2024-47819 Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the...
CVE-2024-47819
CVE-2024-47819 – Umbraco XSS (Dictionary section) Affected: Umbraco CMS (.NET) versions 14.0.0 up to, but not including, 14.3.1 and 15.0.0. Root cause: cross-site scripting vulnerability in the Dictionary section that can be triggered by an admin-privileged user to execute injected scripts. Impact:...
Umbraco Cross-Site Scripting Vulnerability
Umbraco is an open source content management system (CMS) written in C# from Umbraco, Denmark. A cross-site scripting vulnerability exists in Umbraco version 14.0.0 and earlier, which stems from susceptibility to cross-site scripting attacks that could be exploited to access higher privileged...
PT-2024-14293 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: piwigo version 14.0.0 Description: A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. Recommendations: For piwigo version 14.0.0, consider...
Piwigo Security Breach
Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo version v.14.0.0, which stems from a cross-site scripting vulnerability that allows remote...
Adobe Bridge Security Vulnerability
Adobe Bridge is a file viewer from Adobe USA. A security vulnerability exists in Adobe Bridge prior to version 13.0.4 and prior to version 14.0.0, which stems from an Access to Uninitialized Pointers vulnerability that could lead to a sensitive memory disclosure...
Piwigo < 14.0.0.beta4 XSS Vulnerability
Piwigo is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:piwigo:piwigo"; if...
CVE-2023-36825 Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution
Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the state query parameter,...