7 matches found
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection on Keymaster parameters in XML format. An attacker can access sensitive information by submitting crafted XML data containing external entity references. Details: XXE Injection is a type of attack agains...
org.apache.syncope.client.am:syncope-client-am-console (>=4.0.0 <=4.0.3), org.apache.syncope.client.idm:syncope-client-idm-console (>=4.0.0 <=4.0.3) +4 more potentially affected by CVE-2026-23795 via org.apache.syncope.client.idrepo:syncope-client-idrepo-console (>=4.0.0 <=4.0.3)
org.apache.syncope.client.idrepo:syncope-client-idrepo-console MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.3 Source cves: CVE-2026-23795 Source advisory: SNYK:JAVA-ORGAPACHESYNCOPECLIENTIDREPO-15202477...
Work Examiner Professional security vulnerability
Work Examiner Professional is an employee computer monitoring software from Work Examiner USA. A security vulnerability exists in Work Examiner Professional that originates when traffic between the monitoring client, console, and server is transmitted in clear text, which could allow an attacker ...
org.apache.syncope.ext.camel:syncope-ext-camel-client-console (>=2.1.0 <=2.1.14), org.apache.syncope.ext.flowable:syncope-ext-flowable-client-console (>=2.1.10 <=2.1.14) +3 more potentially affected by CVE-2024-45031 via org.apache.syncope.client:syncope-client-console (>=2.1.0 <=2.1.14)
org.apache.syncope.client:syncope-client-console MAVEN version =2.1.0, =2.1.0, =2.1.10, =2.1.0, =2.1.0, =2.1.0, =2.1.14 Source cves: CVE-2024-45031 Source advisory: OSV:GHSA-JMRF-85G8-X8XV...
Server-Side Template Injection
syncope-client-console is vulnerable to server-side template injection. The attack is possible because it uses different types of interpolation, such as Java EL expressions for handling custom constraint violation error messages during building of Java Bean Validation custom constraint...
Valve: Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games.
The structure of the save file implies unpacking of temporary files with extensions .HL1, .HL2 and .HL3. In the code of command 'load', there is a check for invalid substrings, such as .., so unpacking the files into the top directories will not work. Also, it seems, there is a code for checking...
APSB17-06 Security update available for Adobe Campaign
Adobe has released a security update for Adobe Campaign v6.11 for Windows and Linux. This update resolves a moderate security bypass affecting the Adobe Campaign client console. An authenticated user with access to the client console could upload and execute a malicious file, potentially resultin...