92 matches found
OpenEMR 信息泄露漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained a vulnerability...
CVE-2025-11754 Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.1.2 - Missing Authorization to Sensitive Information Exposure
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin...
MailEnable Id Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
CVE-2025-34406
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a...
EUVD-2025-202194
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a block in the response. By supplying a crafted payload...
CVE-2025-34406
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a block in the response. By supplying a crafted payload...
CVE-2025-34406 MailEnable < 10.54 Reflected XSS in Id Parameter of Mobile/ContactDetails.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a block in the response. By supplying a crafted payload...
CVE-2025-34406
CVE-2025-34406 affects MailEnable versions prior to 10.54. A reflected XSS flaw exists in the Id parameter of /Mobile/ContactDetails.aspx where the Id value is not properly sanitized in a GET request and is reflected within a script block. Exploitation involves injecting a crafted payload to term...
MailEnable 跨站脚本漏洞
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
Insecure Direct Object Reference (IDOR)
Liferay Portal including Liferay DXP is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to the Contacts Center widget directly exposing the comliferaycontactswebportletContactsCenterPortletentryId parameter without proper authorization checks. An attackers can use...
EUVD-2021-1999
Malware in sbrugna...
EUVD-2020-17958
Malware in sbrugna...
EUVD-2018-9255
Malware in sbrugna...
EUVD-2023-48486
Malicious code in bioql PyPI...
EUVD-2022-25216
Malicious code in bioql PyPI...
EUVD-2023-25688
Malicious code in bioql PyPI...
UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data
LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but…...
CVE-2022-46485
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...
Temu must respect consumer protection laws, says EU
Temu has been accused of a number of infringements on its platform against European Union EU consumer law. The Consumer Protection Cooperation CPC Network of national consumer authorities and the European Commission teamed up for a coordinated ongoing investigation into Temu and its practices. Th...
BIT-GITLAB-2022-1948
An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details...