750 matches found
GHSA-68Q5-78XP-CWWC Contao is vulnerable to cross-site scripting in templates
Impact It is possible to inject code into the template output that will be executed in the browser in the front end and back end. Patches Update to Contao 4.13.57, 5.3.42 or 5.6.5. Workarounds Do not use the affected templates or patch them manually. Refsources...
EUVD-2025-199631
Contao is vulnerable to cross-site scripting in templates...
CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...
CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...
PT-2025-48077
Name of the Vulnerable Software and Affected Versions Contao versions 4.0.0 through 4.13.56 Contao versions 5.3.0 through 5.3.41 Contao versions 5.6.0 through 5.6.4 Description Backend users with control over template closures can execute arbitrary PHP functions without required parameters. The...
PT-2025-48078
Name of the Vulnerable Software and Affected Versions Contao versions 4.0.0 through 4.13.56 Contao versions 5.3.0 through 5.3.41 Contao versions 5.6.0 through 5.6.4 Description Contao is susceptible to code injection within template output, potentially leading to code execution in both the front...
SiRcom SMART Alert 访问控制错误漏洞
SiRcom SMART Alert is a public alert system from SiRcom USA. An access control error vulnerability exists in SiRcom SMART Alert that stems from unauthorized access to the back-end API, which could result in bypassing login restrictions...
CVE-2025-42889
SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability...
CVE-2025-42889
CVE-2025-42889 affects SAP Starter Solution. An authenticated attacker can execute crafted database queries, exposing the back-end database. Impact is described as low for confidentiality and integrity, with no availability impact. Multiple connected sources (NVD/Red Hat/NCSc/CVE listing) confirm...
CVE-2025-42889 SQL Injection vulnerability in SAP Starter Solution (PL SAFT)
SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability...
CVE-2025-42889 SQL Injection vulnerability in SAP Starter Solution (PL SAFT)
SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability...
PT-2025-46230
Name of the Vulnerable Software and Affected Versions SAP Starter Solution affected versions not specified Description SAP Starter Solution allows an authenticated attacker to execute crafted database queries, potentially exposing the back-end database. This can impact the confidentiality and...
SAP S/4HANA SQL注入漏洞
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. SAP S/4HANA suffers from a SQL injection vulnerability that originates from an authenticated attacker being able to execute a specially crafted database query, which could...
[SECURITY] Fedora 43 Update: bind-dyndb-ldap-11.11-8.fc43
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
HTTP Request Smuggling
ASP.NET Core is vulnerable to HTTP Request Smuggling.The vulnerability is due to inconsistent interpretation of HTTP requests between front-end and back-end components, which allows an authorized attacker to bypass security features over a network...
OpenText Flipper 安全漏洞
OpenText Flipper is a vendor self-submission invoice portal extension package from OpenText Canada. A security vulnerability exists in OpenText Flipper version 3.1.2, which stems from insufficient access control granularity and could lead to a low-privileged user interacting with the back-end API...
EUVD-2006-2681
Malware in sbrugna...
EUVD-2020-24802
Malware in sbrugna...
EUVD-2021-1860
Malware in sbrugna...
EUVD-2021-24632
Malware in sbrugna...