123 matches found
EUVD-2025-25903
Malicious code in bioql PyPI...
EUVD-2022-46019
Malicious code in bioql PyPI...
EUVD-2022-6212
Malicious code in bioql PyPI...
EUVD-2024-30323
Malicious code in bioql PyPI...
EUVD-2022-29036
Malicious code in bioql PyPI...
EUVD-2024-54411
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/dialogs process. An attacker can execute arbitrary scripts in the context of a user's browser by submitting...
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
...
CVE-2025-56694
The CVE-2025-56694 affects lumasoft fotoShare Cloud (version 2025-03-13). The vulnerability is a client-side password validation issue (CWE-602) that could allow unauthenticated attackers to view password-protected photo albums. Root cause appears to be improper client-side validation. CVSS v3.1 ...
CVE-2016-15046
A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager SSM versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance running on port 8161. An attacker can exploit this flaw through a Cross-Origi...
CVE-2016-15046 Hanwha Techwin SSM 1.32 & 1.4 ActiveMQ File Upload RCE
A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager SSM versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance running on port 8161. An attacker can exploit this flaw through a Cross-Origi...
CVE-2025-34114
CVE-2025-34114 affects OpenBlow whistleblowing platform. The vulnerability is a client-side misconfiguration due to missing critical HTTP response headers: Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy across multiple ...
PT-2025-31212 · Apache +1 · Apache Activemq +1
Name of the Vulnerable Software and Affected Versions: Hanwha Techwin Smart Security Manager SSM versions 1.32 and 1.4 Description: A client-side remote code execution issue exists due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance running on port 8161...
UBUNTU-CVE-2025-30749
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...
Sensitive Information Exposure
docusaurus-plugin-content-gists is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of configuration options that include GitHub Personal Access Tokens, which are inadvertently embedded into client-side JavaScript bundles during the production build,...
CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token
The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...
[SECURITY] [DLA 4187-1] varnish security update
Debian LTS Advisory DLA-4187-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 28, 2025 https://wiki.debian.org/LTS Package : varnish Version : 6.5.1-1+deb11u5 CVE ID : CVE-2025-47905 A client-side desync vulnerability can be triggered in Varnish, a...
CVE-2022-21826
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down...
CVE-2025-48373 Schule Has Client-Side Role-Based Access Control (RBAC) Bypass Vulnerability
Schule is open-source school management system software. The application relies on client-side JavaScript index.js to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is...
CVE-2025-48373 Schule Has Client-Side Role-Based Access Control (RBAC) Bypass Vulnerability
Schule is open-source school management system software. The application relies on client-side JavaScript index.js to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is...