18 matches found
org.sonatype.nexus.api.extdirect:nexus-api-extdirect-selfhosted (>=3.83.0-08 <=3.86.3-01), org.sonatype.nexus.api.rest:nexus-api-rest-common (>=3.83.0-08 <=3.86.3-01) +4 more potentially affected by CVE-2025-13488 via org.sonatype.nexus.plugins:nexus-blobstore-s3 (>=3.83.0-08 <=3.86.3-01)
org.sonatype.nexus.plugins:nexus-blobstore-s3 MAVEN version =3.83.0-08, =3.83.0-08, =3.83.0-08, =3.83.0-08, =3.83.0-08, =3.83.0-08, =3.83.0-08, =3.86.3-01 Source cves: CVE-2025-13488 Source advisory: SNYK:JAVA-ORGSONATYPENEXUSPLUGINS-14221327...
CVE-2024-44088
Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...
CVE-2024-44088
Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...
EUVD-2022-1196
Malicious code in bioql PyPI...
EUVD-2022-41805
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-39323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features,...
PT-2025-34888 · Cisco · Cisco Nexus 3000 Series Switches +1
Name of the Vulnerable Software and Affected Versions: Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches. Description: A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature could allow an authenticated, low-privileged, remote attacker to trigger a crash of th...
com.tencent.devops:devops-boot-starter-plugin (=1.0.0), com.tencent.devops:devops-plugin-core (=1.0.0) +128 more potentially affected by CVE-2024-38807 via org.springframework.boot:spring-boot-loader (>=3.3.1 <=3.3.2)
org.springframework.boot:spring-boot-loader MAVEN version =3.3.1, =0.4.15, =4.7.0, =8.2.0, =8.2.0, =3.87.0-03, =3.87.0-03, =3.87.0-03, =3.87.0-03, =3.89.0-09, =3.89.0-09, =3.89.0-09, =3.89.0-09, =3.89.0-09, =3.90.3-03 and more Source cves: CVE-2024-38807 https://vulners.com/cve/CVE-2024-38807...
UBUNTU-CVE-2022-39323
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST usertoken. This issue has been patched, please...
SQL injection
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST usertoken. This issue has been patched, please...
GLPI SQL injection vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
CVE-2022-39323
GLPI (Gestionnaire Libre de Parc Informatique) is affected by multiple CVEs described for GLPI-related components. CVE-2022-39323 involves a time-based SQL injection in the api REST user_token that can lead to full confidentiality and integrity/availability impact; the initial recommendation is t...
CVE-2022-39323 SQL Injection on REST API in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Time based attack using a SQL injection in api REST usertoken. This issue has been patched, please...
MAL-2022-1629 Malicious code in bluejeans-api-rest-meetings (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a43e4229bfe7054913dd74a700512a79d803b5d9bad65bd4280562a4f06c7ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bluejeans-api-rest-meetings (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a43e4229bfe7054913dd74a700512a79d803b5d9bad65bd4280562a4f06c7ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-39213
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround...
Design/Logic Flaw
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround...
CVE-2021-39213
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround...