11 matches found
EUVD-2024-42434
Malicious code in bioql PyPI...
Paragraphs table - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-084
Project Paragraphs table provides a field for a collection table. The module doesn't sufficiently sanitise certain data attributes allowing Cross Site Scripting (XSS) attacks. This vulnerability is mitigated by the fact that an attacker must have a role with permission to enter HTML tags containing...
CVE-2025-27247
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission...
CVE-2023-1774
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...
CVE-2025-0303
CVE-2025-0303 affects OpenHarmony v4.1.2 and earlier. The issue is a local privilege escalation via a buffer overflow that lets an attacker upgrade a common permission to root and leak sensitive information. The available connected documents consistently describe a local attack vector with root-l...
CVE-2024-0440
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files...
CVE-2024-22177
OpenHarmony vulnerability CVE-2024-22177 affects OpenHarmony v3.2.4 and earlier. A local attacker can cause applications to crash by abusing the get permission flow. Root cause indicated in multiple sources as an improper preservation of permissions. Impact is crash/denial of usability for apps; ...
CVE-2023-4890
The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2022-34191
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2019-11765
A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted...
MGASA-2015-0247 Updated cups package fixes security vulnerabilities
It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code (CVE-2015-1158). It was discovered that the CUPS templating...