15 matches found
EUVD-2024-54089
Malicious code in bioql PyPI...
EUVD-2023-50011
Malicious code in bioql PyPI...
ROS-20250821-06
A vulnerability in the Perl programming language is related to the race condition if a directory descriptor is opened when the thread is created. Exploitation of the vulnerability could allow an attacker to interfere with the application's behavior...
CVE-2025-49199
The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable...
CVE-2025-49199
The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable...
CVE-2025-49199
CVE-2025-49199 involves unsigned backup ZIP files used by the application, allowing an attacker to download, modify, and re-upload a backup ZIP. This can disrupt the application by configuring services to prevent operation and redirect internal traffic to attacker-hosted services, potentially exp...
CVE-2025-49199 Backup files can be modified and uploaded
The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable...
CVE-2024-57170
SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichiertodelete" parameter allows authenticated attackers to specify file paths containing directory traversal sequences e.g., ../. This vulnerability enables attackers to delete arbitrary files outside t...
CVE-2024-30143
HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or takeover the application or the computer where the application is...
CVE-2024-53683 Ossur Mobile Logic Application Exposure of Sensitive System Information to an Unauthorized Control Sphere
A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use...
CVE-2022-36060 Prototype pollution in matrix-react-sdk
matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...
openSUSE Security Update : tomcat (openSUSE-2016-384)
This update for tomcat fixes the following issues : Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues : - CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended...
Design/Logic Flaw
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass...
Apache Tomcat 7.0.0 < 7.0.68 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.68. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.68security-7 advisory. - The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x...
Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2736693)
A security issue has been identified that could allow an unauthenticated remote attacker to cause the affected application to stop responding. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...