17 matches found

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2023-1425

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.5, EPSS 0.00584
Exploits 0, References 6

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in ares-api-integrations (npm)

The package ares-api-integrations was found to contain malicious code...

AI score 7
Exploits 0

OSV
added 2025/08/14 6:52 p.m., 3 views

MAL-2025-14816 Malicious code in ares-api-integrations (npm)

The package ares-api-integrations was found to contain malicious code...

AI score 7.2
Exploits 0

Fedora
added 2025/06/04 3:35 a.m., 10 views

[SECURITY] Fedora 41 Update: nextcloud-31.0.5-1.fc41

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

CVSS 7.5, AI score 7.6, EPSS 0.00394
Exploits 0

RedhatCVE
added 2025/05/23 3:36 a.m., 8 views

CVE-2023-28477

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter...

CVSS 5.5, AI score 5.8, EPSS 0.00584
Exploits 0, References 1

NVD
added 2024/08/23 4:15 p.m., 32 views

CVE-2024-42364

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is set up without certificate and authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will...

CVSS 6.5, EPSS 0.00245
Exploits 0, References 1

Rapid7 Blog
added 2023/06/21 1:00 p.m., 13 views

Cyber Asset Attack Surface Management 101

Understanding CAASM. This article was written by Ethan Smart, Co-Founder and Chief Solution Architect, appNovi, a Rapid7 integration partner. It's essential for security and IT teams to have a comprehensive view and control of their cyber assets. This is why Cyber Asset Attack Surface Management...

AI score 7.2
Exploits 0

Veracode
added 2023/05/22 9:01 a.m., 15 views

Cross-site Scripting (XSS)

concrete5/concrete5 is vulnerable to Cross-site Scripting (XSS). The vulnerability exists via the name parameter on API integrations due to lack of sanitization, which allows an attacker to inject and execute malicious JavaScript...

CVSS 5.5, AI score 6.6, EPSS 0.00584
Exploits 0, References 8, Affected Software 1

OSV
added 2023/04/28 3:30 p.m., 18 views

GHSA-XFMJ-R86M-J2HR Stored cross site scripting on API integration

Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter...

CVSS 5.5, AI score 5.2, EPSS 0.00584
Exploits 0, References 6

Github Security Blog
added 2023/04/28 3:30 p.m., 15 views

Stored cross site scripting on API integration

Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter...

CVSS 5.5, AI score 6.2, EPSS 0.00584
Exploits 0, References 6, Affected Software 1

ATTACKERKB
added 2023/04/28 2:15 p.m., 2 views

CVE-2023-28477

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter...

CVSS 5.5, AI score 5.9, EPSS 0.00584
Exploits 0, References 4

NVD
added 2023/04/28 2:15 p.m., 9 views

CVE-2023-28477

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter...

CVSS 5.5, AI score 5.2, EPSS 0.00584
Exploits 0, References 3

Prion
added 2023/04/28 2:15 p.m., 16 views

Design/Logic Flaw

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter...

CVSS 4.9, AI score 5.2, EPSS 0.00584
Exploits 0, References 3, Affected Software 1

Cvelist
added 2023/04/28 12:00 a.m., 15 views

CVE-2023-28477

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter...

CVSS 5.5, AI score 5.4, EPSS 0.00584
Exploits 0, References 3

CVE
added 2023/04/28 12:00 a.m., 49 views

CVE-2023-28477

Concrete CMS (formerly concrete5) versions 8.5.12 and earlier, and 9.0–9.1.3, are vulnerable to stored XSS on API Integrations via the name parameter. Root cause: input sanitization gap in API integration handling. Exploitation would involve injecting malicious script through the name parameter w...

CVSS 5.5, AI score 5.1, EPSS 0.00584
Exploits 0, References 3, Affected Software 1

Virtuozzo
added 2023/02/14 12:00 a.m., 28 views

Virtuozzo Hybrid Infrastructure 5.4 (5.4.0-133)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover compute services, management node high availability, monitoring and alerts, and the user interface. Additionally, this release delivers stability improvements and addresses issues found in previous...

AI score 0.8
Exploits 0

Atlassian
added 2020/07/01 6:16 p.m., 42 views

Information disclosure in API and Integrations - CVE-2020-14180

Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. Affected versions:...

CVSS 4.3, AI score 5.8, EPSS 0.00848
Exploits 0, Affected Software 1