Lucene search
K

750 matches found

OSV
OSV
added 2025/11/25 8:48 p.m.5 views

GHSA-68Q5-78XP-CWWC Contao is vulnerable to cross-site scripting in templates

Impact It is possible to inject code into the template output that will be executed in the browser in the front end and back end. Patches Update to Contao 4.13.57, 5.3.42 or 5.6.5. Workarounds Do not use the affected templates or patch them manually. Refsources...

3.3CVSS7AI score0.00142EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/25 8:48 p.m.7 views

EUVD-2025-199631

Contao is vulnerable to cross-site scripting in templates...

3.3CVSS5.8AI score0.00142EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/25 7:6 p.m.3 views

CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...

3.3CVSS6.6AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2025/11/25 7:6 p.m.5 views

CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...

3.3CVSS6.9AI score0.00142EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.5 views

PT-2025-48077

Name of the Vulnerable Software and Affected Versions Contao versions 4.0.0 through 4.13.56 Contao versions 5.3.0 through 5.3.41 Contao versions 5.6.0 through 5.6.4 Description Backend users with control over template closures can execute arbitrary PHP functions without required parameters. The...

6.6CVSS7AI score0.00155EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.5 views

PT-2025-48078

Name of the Vulnerable Software and Affected Versions Contao versions 4.0.0 through 4.13.56 Contao versions 5.3.0 through 5.3.41 Contao versions 5.6.0 through 5.6.4 Description Contao is susceptible to code injection within template output, potentially leading to code execution in both the front...

3.3CVSS7.6AI score0.00142EPSS
Exploits0References14
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.6 views

SiRcom SMART Alert 访问控制错误漏洞

SiRcom SMART Alert is a public alert system from SiRcom USA. An access control error vulnerability exists in SiRcom SMART Alert that stems from unauthorized access to the back-end API, which could result in bypassing login restrictions...

8.8CVSS6.5AI score0.00306EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/12 12:36 a.m.9 views

CVE-2025-42889

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability...

5.4CVSS6.8AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 12:15 a.m.14 views

CVE-2025-42889

CVE-2025-42889 affects SAP Starter Solution. An authenticated attacker can execute crafted database queries, exposing the back-end database. Impact is described as low for confidentiality and integrity, with no availability impact. Multiple connected sources (NVD/Red Hat/NCSc/CVE listing) confirm...

5.4CVSS6.5AI score0.00181EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/11 12:15 a.m.16 views

CVE-2025-42889 SQL Injection vulnerability in SAP Starter Solution (PL SAFT)

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability...

5.4CVSS0.00181EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/11 12:15 a.m.10 views

CVE-2025-42889 SQL Injection vulnerability in SAP Starter Solution (PL SAFT)

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability...

5.4CVSS6.5AI score0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.10 views

PT-2025-46230

Name of the Vulnerable Software and Affected Versions SAP Starter Solution affected versions not specified Description SAP Starter Solution allows an authenticated attacker to execute crafted database queries, potentially exposing the back-end database. This can impact the confidentiality and...

5.4CVSS6.5AI score0.00181EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.6 views

SAP S/4HANA SQL注入漏洞

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. SAP S/4HANA suffers from a SQL injection vulnerability that originates from an authenticated attacker being able to execute a specially crafted database query, which could...

5.4CVSS7.7AI score0.00181EPSS
Exploits0References3
Fedora
Fedora
added 2025/11/08 1:10 a.m.8 views

[SECURITY] Fedora 43 Update: bind-dyndb-ldap-11.11-8.fc43

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

8.6CVSS5.6AI score0.1096EPSS
Exploits1
Veracode
Veracode
added 2025/10/22 10:45 a.m.10 views

HTTP Request Smuggling

ASP.NET Core is vulnerable to HTTP Request Smuggling.The vulnerability is due to inconsistent interpretation of HTTP requests between front-end and back-end components, which allows an authorized attacker to bypass security features over a network...

9.9CVSS7AI score0.65838EPSS
Exploits5References7Affected Software15
CNNVD
CNNVD
added 2025/10/20 12:0 a.m.5 views

OpenText Flipper 安全漏洞

OpenText Flipper is a vendor self-submission invoice portal extension package from OpenText Canada. A security vulnerability exists in OpenText Flipper version 3.1.2, which stems from insufficient access control granularity and could lead to a low-privileged user interacting with the back-end API...

9.1CVSS6.6AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2006-2681

Malware in sbrugna...

6.4CVSS6.4AI score0.02435EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-24802

Malware in sbrugna...

10CVSS9.5AI score0.02173EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-1860

Malware in sbrugna...

7.2CVSS6.8AI score0.01254EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-24632

Malware in sbrugna...

9.4CVSS9.2AI score0.02686EPSS
Exploits2References6
Rows per page
Query Builder