CVE-2026-22731

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...

EUVD-2020-28170

Malware in sbrugna...

EUVD-2016-10648

Malware in sbrugna...

EUVD-2022-0749

Malicious code in bioql PyPI...

EUVD-2022-3015

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-9859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x...

VulnCheck KEV: CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

Moodle 3.11.x < 3.11.9, 4.0.x < 4.0.3 CSRF Vulnerability

Moodle is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle...

Moodle 4.0.x < 4.0.2 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.15, 3.11.x prior to 3.11.8 or 4.0.x prior to 4.0.2. It is, therefore, affected by multiple vulnerabilities: - A code injection through an omitted execution parameter elading to Remote Code Execution RCE for sites running...

Moodle 3.9.x < 3.9.18 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...

SUSE CVE-2016-6606

An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector...

SUSE CVE-2016-9850

An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 ar...

WALLIX Access Manager 安全漏洞

WALLIX Access Manager is an access manager from WALLIX France. It filters external access to critical resources by remote employees or third-party vendors, and is also the ideal command center for centralizing the auditing of all Fortress sessions. A security vulnerability exists in WALLIX Access...

Joomla 4.0.x < 4.2.7 Multiple Vulnerabilities (5876-joomla-4-2-7-security-and-bug-fix-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.2.7. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID:CVE-2022-21341...

phpMyAdmin Bypass white-list protection for URL redirection

An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

phpMyAdmin PHP code injection

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

GHSA-G4G7-Q726-V5HG Symfony CSRF Token Fixation

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...

Joomla 2.5.x < 3.10.7 / 4.0.x < 4.1.1 Multiple Vulnerabilities (5857-joomla-4-1-1-and-3-10-7-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.10.7 or 4.0.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an...

PT-2022-1407 · Django +6 · Django +6

Name of the Vulnerable Software and Affected Versions: Django versions 2.2 through 2.2.25 Django versions 3.2 through 3.2.10 Django versions 4.0 through 4.0.0 Description: The issue is related to the Storage.save function in the Django web application framework, which is associated with incorrect...