429 matches found
PT-2026-4819
Name of the Vulnerable Software and Affected Versions iJason-Liu Books Manager affected versions not specified Description A cross site scripting issue exists in the file controllers/books center/add book check.php. Manipulation of the mark argument can lead to exploitation. The attack can be...
OPENSUSE-SU-2026:20060-1 Security update for cargo-c
This update for cargo-c fixes the following issues: - CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discardallmessages bsc1243179 - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249012 - CVE-2024-12224: idna: Fixed improper validation of Punycode labels...
CVE-2022-27201
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...
CVE-2025-15450
Summary: CVE-2025-15450 affects the sfturing hosp_order component (function findOrderHosNum) in /ssm_pro/orderHos/, where manipulation of hospitalAddress/hospitalName can trigger SQL injection. The vulnerability is remotely exploitable and a public exploit exists; affected versions are not clearl...
This Year in Spring – December 30th, 2025
Hi, Spring fans! Can you believe it? It's already the 30th of December! I celebrated Christmas with my family in Los Angeles, then we jumped on a flight headed for Southeast Asia to ring in the New Year with more friends and family. I'm sitting at a café in the sweltering city of Kuala Lumpur,...
CVE-2025-15094
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl ca...
CVE-2025-15094
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl ca...
EUVD-2025-205405
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing manipulation of the argument redirectUrl can...
CVE-2025-15094
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl ca...
OPENSUSE-SU-2026:20000-1 Security update for salt
This update for salt fixes the following issues: Changes in salt: - Add minimumauthversion to enforce security CVE-2025-62349 - Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439 BDSA-2024-9026 - Junos module yaml loader fix CVE-2025-62348 - Require Python dependencies onl...
A Bootiful Podcast: The legendary Rossen Stoyanchev on API versioning, declarative interface clients, RestTestClients, and more
Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In this installment I talk to the legendary Rossen Stoyanchev on API versioning, declarative interface clients, RestTestClients, and more!...
CVE-2025-13546
A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...
CVE-2025-13395
A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the publi...
CVE-2025-13395
A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the publi...
EUVD-2025-198151
A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the publi...
PT-2025-47451
Name of the Vulnerable Software and Affected Versions codehub666 94list affected versions not specified Description A security flaw exists in codehub666 94list. The issue involves a SQL injection impacting the Login function within the /function.php file. This allows for remote exploitation. The...
It's a Feature, Not a Bug: Secure and Auditable State Rollback for Confidential Cloud Applications
Replay and rollback attacks threaten cloud application integrity by reintroducing authentic yet stale data through an untrusted storage interface to compromise application decision-making. Prior security frameworks mitigate these attacks by enforcing forward-only state transitions state continuit...
MAL-2025-188811 Malicious code in prettier-stylelint-got-cosmos-ariel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 191ad1021c21de2e4d2aff52918a87b8c01692e87e5d7d02fa1dd71a2f77ed88 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nokire-nakao34 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce3f4f91ae962580afdceac49bf763c22c1362b22161dc3e7078e7f06f5a0a0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in goodai-sunabi-cufanu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba1e1a948699bdc7ba2ee6a6b0605edfb655b5433ca946aed709366c50cd5668 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...