1118 matches found
CVE-2020-19511
Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1 className and !2 Description fields in index.php/Admin/Classes,...
CVE-2012-2300
Multiple cross-site scripting XSS vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-10867
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to...
com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes. This issue may lead to availability attacks...
com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson
A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes. This issue may lead to availability attacks...
Integer Overflow
cairo-lang-starknet-classes is vulnerable to Integer overflow. The vulnerability is due to improper bounds checking in the Sierra bytecode decompression logic of the cairo-lang-starknet-classes library, allows an integer overflow to occur when processing malicious Declare v2/v3 transactions...
CVE-2025-25226 [20250401] - Joomla Framework - SQL injection vulnerability in quoteNameStr method of Database package
Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in questio...
PT-2025-15907 · Git +1 · Joni
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The software suffers from a security exception during the parsing of character classes within the org.joni.Parser.parseCharClass and...
Security advisory: A Denial-of-Service type of security issue in Qt XML module impacts Qt
A Denial-of-Service type of security issue in QDom classes of Qt XML module has been discovered and has been assigned the CVE id CVE-2025-30348. Affected versions: Up to 5.15.18, 6.0.0 to 6.5.8, and 6.6.0 to 6.7.3. Impact: When QDom classes are used to write XML with long text segments,...
CVE-2024-22611
OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\CPharmacy.class.php and \openemr\controller.php...
generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework
Summary CWE-470 Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' when having Javers selected as Entity Audit Framework Details In the following two occurences, user input directly leads to class loading without checking against e.g. a whitelist of allowed classes...
CVE-2024-22611
OpenEMR 7.0.2 is vulnerable to SQL Injection through multiple PHP files: openemr/library/classes/Pharmacy.class.php, controllers/C_Pharmacy.class.php, and openemr/controller.php. The CVE entry indicates a high-impact, authenticated-free, network-exploitable issue with a CVSS v3.1 base score of 9....
[SECURITY] Fedora 42 Update: php-kissifrot-php-ixr-1.8.4-1.fc42
PHP-IXR is an XML-RPC library designed primarily for ease of use. It incorporates both client and server classes, and is designed to hide as much of the workings of XML-RPC from the user as possible. A key feature of the library is automatic type conversion from PHP types to XML-RPC types and vic...
H2O 资源管理错误漏洞
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A resource management error vulnerability exists in H2O version 3.46.0.1, which stems from the runtool command exposing classes in the water.tools package via the ast parser, which could lead to a deni...
Unifiedtransform 访问控制错误漏洞
Unifiedtransform is an open source school management software from the individual developer Hasib Mahmud. A security vulnerability exists in Unifiedtransform version 2.0, which stems from an access control error that could lead to viewing attendance lists for all classes...
Linux Distros Unpatched Vulnerability : CVE-2024-56649
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support Both ENETC PF and VF...
Linux Distros Unpatched Vulnerability : CVE-2022-48652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ice: Fix crash by keep old cfg when update TCs more than queues There are problems if...
CVE-2024-37361 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. CWE-502 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, deserialize untrusted JSON data without constraining the parser to...
OESA-2025-1044 apache-mina security update
Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO. Security Fixes: The...
CVE-2025-23844
Cross-Site Request Forgery CSRF vulnerability in Jamsheer K Custom Widget Classes custom-widget-classes allows Cross Site Request Forgery.This issue affects Custom Widget Classes: from n/a through = 1.1...