295 matches found
EUVD-2019-0800
Malware in sbrugna...
EUVD-2022-4314
Malicious code in bioql PyPI...
EUVD-2023-0361
Malicious code in bioql PyPI...
EUVD-2022-5242
Malicious code in bioql PyPI...
EUVD-2022-1061
Malicious code in bioql PyPI...
EUVD-2022-3423
Malicious code in bioql PyPI...
EUVD-2022-5124
Malicious code in bioql PyPI...
EUVD-2022-5330
Malicious code in bioql PyPI...
EUVD-2022-2499
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-22727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable ...
Linux Distros Unpatched Vulnerability : CVE-2020-35239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks b...
Linux Distros Unpatched Vulnerability : CVE-2016-4793
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header. CVE-2016-4793 Note that Nessus relie...
CVE-2023-22727
CakePHP is a development framework for PHP web apps. In affected versions the Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. This issue has been fixed in 4.2.12, 4.3.11, 4.4.10. Users are advised to...
CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS...
CVE-2020-35239
A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...
CVE-2019-11458
An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction...
CVE-2012-4399
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack...
CVE-2011-3712
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files...
Linux Distros Unpatched Vulnerability : CVE-2020-15400
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. CVE-2020-15400 Note that Nessus relies on the...
CakePHP 4.5.9
The CakePHP core team is happy to announce the immediate availability of CakePHP 4.5.9. This is a maintenance release for the 4.5 branch that fixes a few community reported issues and a security fix. Bugfixes: You can expect the following changes in 4.5.9. See the changelog for every...