21 matches found
EUVD-2025-11788
Malicious code in bioql PyPI...
EUVD-2022-4485
Malicious code in bioql PyPI...
CVE-2025-32385
EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...
CVE-2025-32385
EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...
CVE-2025-32385 EspoCRM allows unrestricted Embedding in Iframe dashlet
EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...
CVE-2025-32385 EspoCRM allows unrestricted Embedding in Iframe dashlet
EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...
PT-2025-16546 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.0.5 Description: The issue concerns the Iframe dashlet in EspoCRM, which allows users to display iframes with arbitrary URLs. Since the sandbox attribute is not included in the iframe, a remote page can open popups...
Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to jinja is an extensible templating engine.
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to jinja is an extensible templating engine. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to PyTorch to execute arbitrary code on the system.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component may be vulnerable to PyTorch arbitrary code execution of Python code through the use of torch. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-48063...
WordPress plugin Quiz and Survey Master security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-23686
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...
Splunk Enterprise Account Takeover
https://github.com/redwaysecurity/CVEs/blob/main/CVE-2023-32707/README.md !/usr/bin/env python3 Splunk admin account take over exploit - CVE-2023-32707 Author: Redway Security Discovery: Santiago Lopez Vendor Description: A low-privilege user who holds a role that has the edituser capability...
PT-2023-23975 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Description: An unauthenticated attacker can send specially-crafted messages to the XML parser within SAML...
PT-2023-3015 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Splunk Cloud Platform versions prior to 9.0.2303.100 Description: A low-privileged user with the edit user...
Information Exposure
Overview @nestjs/core is a Nest - modern, fast, powerful node.js web framework @core Affected versions of this package are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a...
IBM WebSphere MQ 8.0.0.x < 8.0.0.9 / 9.0.x < 9.0.5 / 9.0.0.x < 9.0.0.3 Multiple Vulnerabilities
According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version 8.0.0.x prior to 8.0.0.9, 9.0.x prior to 9.0.5 or 9.0.0.x prior to 9.0.0.3. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability. An...
PT-2019-14770 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 9.0.5 Description: The issue concerns a stored XSS in the User Note section of the note.php file. This allows a user without privileges to inject a script, potentially attacking the admin. Recommendations: For Dolibarr versio...
PT-2019-14772 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 9.0.5 Description: The issue concerns a stored XSS in the Email Template section, specifically affecting the mails templates.php file. This allows a user, regardless of their privileges, to inject scripts that can attack the...