18 matches found
EUVD-2018-16784
Malware in sbrugna...
EUVD-2023-30886
Malicious code in bioql PyPI...
EUVD-2022-6434
Malicious code in bioql PyPI...
CVE-2025-59941 go-f3 is Vulnerable to Cached Justification Verification Bypass
go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass...
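The snippet's point is that a verification cache is only as good as its key. The following Go example is added here to illustrate that pattern; it is not go-f3 code. The `Context`, `Justification`, `signFor` and the two cache types are assumptions constructed for the demo (a SHA-256 tag stands in for the real signature scheme), and "instance 7 versus instance 8" is an invented scenario, not the actual bypass.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Context is the information a justification is valid for: which network,
// instance and round it belongs to. Hypothetical type for this example.
type Context struct {
	Network  string
	Instance uint64
	Round    uint64
}

// Justification carries a signed payload and its signature. Hypothetical.
type Justification struct {
	Payload   []byte
	Signature []byte
}

// signFor stands in for a real signature scheme: a SHA-256 tag over the
// context fields and the payload. Constructed for the demo only.
func signFor(ctx Context, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte(ctx.Network))
	var b [16]byte
	binary.BigEndian.PutUint64(b[:8], ctx.Instance)
	binary.BigEndian.PutUint64(b[8:], ctx.Round)
	h.Write(b[:])
	h.Write(payload)
	return h.Sum(nil)
}

// verifyUncached is the expensive check a cache is meant to avoid repeating.
func verifyUncached(ctx Context, j Justification) bool {
	return subtle.ConstantTimeCompare(signFor(ctx, j.Payload), j.Signature) == 1
}

// NaiveCache keys cached results on the justification bytes alone.
type NaiveCache struct{ seen map[string]bool }

func (c *NaiveCache) Verify(ctx Context, j Justification) bool {
	key := fmt.Sprintf("%x|%x", j.Payload, j.Signature)
	if ok, hit := c.seen[key]; hit {
		return ok // ctx is ignored on a hit: this is the bug pattern
	}
	ok := verifyUncached(ctx, j)
	c.seen[key] = ok
	return ok
}

// ContextCache folds the verification context into the key.
type ContextCache struct{ seen map[string]bool }

func (c *ContextCache) Verify(ctx Context, j Justification) bool {
	key := fmt.Sprintf("%s|%d|%d|%x|%x", ctx.Network, ctx.Instance, ctx.Round, j.Payload, j.Signature)
	if ok, hit := c.seen[key]; hit {
		return ok
	}
	ok := verifyUncached(ctx, j)
	c.seen[key] = ok
	return ok
}

// Replay warms both caches with a justification that is valid for instance 7,
// then presents the identical bytes as if they belonged to instance 8, and
// returns what each cache answers for that replay.
func Replay() (naiveAccepts, contextAccepts bool) {
	ctxA := Context{Network: "testnet", Instance: 7, Round: 0}
	ctxB := Context{Network: "testnet", Instance: 8, Round: 0}
	payload := []byte("DECIDE tipset-X") // constructed sample payload
	j := Justification{Payload: payload, Signature: signFor(ctxA, payload)}

	naive := &NaiveCache{seen: map[string]bool{}}
	ctxd := &ContextCache{seen: map[string]bool{}}
	naive.Verify(ctxA, j) // honest verification; result lands in the cache
	ctxd.Verify(ctxA, j)

	return naive.Verify(ctxB, j), ctxd.Verify(ctxB, j)
}

func main() {
	n, c := Replay()
	fmt.Printf("replay into another instance: naive cache=%v, context-keyed cache=%v\n", n, c)
}
```

The uncached verifier rejects the replay in both cases; only the cache whose key omits the context turns a stale "valid" answer into an acceptance. Whatever the real verifier depends on (instance, round, network name, the message the justification is attached to) has to be part of the cache key, or the cache has to be scoped per context.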
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-context-5.3.24.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-context-5.3.24.jar Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale...
Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-context-6.2.3.jar (CVE-2025-22233)
Summary IBM Sterling Connect:Direct Web Services uses spring-context-6.2.3.jar, which has vulnerability CVE-2025-22233. This has been addressed in fixpacks that are available on Fix Central. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowerca...
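Both bulletins above turn on the same detail: a disallowed-fields blocklist compared after a locale-dependent lowercase. In Java, `String.toLowerCase()` with no argument uses the default locale, and under a Turkish locale `"I"` becomes dotless `"ı"`, so `"ISADMIN"` no longer equals `"isadmin"`. The Go example below is added to show that comparison failing and the locale-independent form catching it; it is not Spring code. Go's `strings.ToLower` is already locale-independent, so the "bad" path is simulated with `strings.ToLowerSpecial(unicode.TurkishCase, ...)`, and the blocklist entries and request parameters are constructed for the demo.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// disallowedFields is the binder's blocklist, stored lowercase.
// Field names are assumptions for this demo.
var disallowedFields = []string{"isadmin", "ownerid"}

// localeLower mimics Java's String.toLowerCase() under a Turkish default
// locale, where 'I' lowercases to dotless 'ı' (U+0131) rather than 'i'.
func localeLower(s string) string {
	return strings.ToLowerSpecial(unicode.TurkishCase, s)
}

// rootLower is the locale-independent lowering (Locale.ROOT in Java).
func rootLower(s string) string {
	return strings.ToLower(s)
}

// bind returns the request parameters that would be bound to the target
// object after filtering names with the supplied lowering function.
func bind(params map[string]string, lower func(string) string) map[string]string {
	bound := map[string]string{}
	for name, value := range params {
		blocked := false
		for _, d := range disallowedFields {
			if lower(name) == d {
				blocked = true
				break
			}
		}
		if !blocked {
			bound[name] = value
		}
	}
	return bound
}

// Compare runs one constructed request through both binders and reports
// whether the sensitive field slipped past each blocklist check.
func Compare() (localeLeaks, rootLeaks bool) {
	// Constructed request: the sensitive field name is sent in upper case.
	req := map[string]string{"name": "mallory", "ISADMIN": "true"}
	_, localeLeaks = bind(req, localeLower)["ISADMIN"]
	_, rootLeaks = bind(req, rootLower)["ISADMIN"]
	return localeLeaks, rootLeaks
}

func main() {
	fmt.Printf("locale lowering of ISADMIN: %q\n", localeLower("ISADMIN"))
	l, r := Compare()
	fmt.Printf("leaks through locale-dependent check: %v, through Locale.ROOT-style check: %v\n", l, r)
}
```

The hardened rule is simply that both sides of a security comparison must be normalized with the same locale-independent function; the second bulletin's summary indicates that even after that fix further matching gaps remained, so a blocklist on field names should be backed by an allowlist of bindable fields where possible.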
ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11703 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.1.0 <=6.1.2)
org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...
WordPress Activity Log – Monitor & Record User Changes plugin <= 2.11.1 - Unauthenticated Stored Cross-Site Scripting via Event Context vulnerability
Unauthenticated Stored Cross-Site Scripting via Event Context vulnerability discovered by mikemyers in WordPress Plugin Activity Log versions = 2.11.1...
A vulnerability in the cmxddns executable in the firmware of the TP-Link Omada er605 allows an attacker to execute arbitrary code in the root context.
A vulnerability in the cmxddnsd executable in the firmware of the TP-Link Omada er605 stems from the use of weak security mechanisms. Exploiting it allows a remote attacker to execute arbitrary code in the root context...
CVE-2023-37951
Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to...
Open Redirect
github.com/go-gitea/gitea is vulnerable to open redirect. The vulnerability exists in the RedirectToFirst function in context.go: backslashes in the candidate Locations are not rejected, which allows an attacker to craft URLs that redirect the user...
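The reason backslashes matter is that browsers parse `\` as `/` in URLs with special schemes such as http(s), so a Location of `/\evil.com/x` relative to `https://host` resolves to `https://evil.com/x` even though a "starts with a single slash" check accepts it. The Go example below is added to contrast such a naive check with one that refuses every leading slash/backslash pair; it is not Gitea's code, and `RedirectToFirst` here is a hypothetical helper modelled on the behaviour the snippet describes.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// isLocalNaive is the kind of check that lets backslash variants through:
// it only refuses a leading "//".
func isLocalNaive(loc string) bool {
	return strings.HasPrefix(loc, "/") && !strings.HasPrefix(loc, "//")
}

// isLocalSafe refuses any leading pair drawn from '/' and '\', then confirms
// the parsed value has no scheme, host or opaque part and is an absolute path.
func isLocalSafe(loc string) bool {
	if loc == "" {
		return false
	}
	if len(loc) > 1 && (loc[0] == '/' || loc[0] == '\\') && (loc[1] == '/' || loc[1] == '\\') {
		return false
	}
	u, err := url.Parse(loc)
	if err != nil {
		return false
	}
	return u.Scheme == "" && u.Host == "" && u.Opaque == "" && strings.HasPrefix(u.Path, "/")
}

// RedirectToFirst returns the first candidate accepted by check, otherwise
// fallback. Hypothetical stand-in for a redirect-target chooser.
func RedirectToFirst(check func(string) bool, fallback string, candidates ...string) string {
	for _, c := range candidates {
		if check(c) {
			return c
		}
	}
	return fallback
}

func main() {
	// Constructed inputs: attacker-controlled return-to values.
	for _, loc := range []string{"/\\evil.com/x", "//evil.com", "\\/evil.com", "https://evil.com", "/user/settings"} {
		fmt.Printf("%-18q naive=%-5v safe=%v\n", loc, isLocalNaive(loc), isLocalSafe(loc))
	}
	fmt.Println("chosen:", RedirectToFirst(isLocalSafe, "/", "/\\evil.com/x", "/dashboard"))
}
```

Note that `net/url` does not treat a backslash specially, so `url.Parse("/\\evil.com/x")` returns a host-less path and would pass a host-only check; the explicit leading-pair rejection is what closes the gap. Rejecting any backslash at all is a reasonable stricter policy if local paths never legitimately contain one.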
CVE-2020-21993
In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxcrons.php. When parsing the user parameter, the process does not...
CVE-2020-7292 Web Gateway (MWG) - Inappropriate Encoding for output context
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL...
Visual Paradigm Server 10.0 Cross Site Scripting
================================================================ Visual Paradigm Server v10.0 - Cross Site Scripting XSS ================================================================ Information -------------------- Name: Visual Paradigm Server v10.0 - Cross Site Scripting XSS Affected Softwar...
CVE-2014-4398
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394,...
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/62782/info SilverStripe is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in th...
CVE-2004-1080
Summary: CVE-2004-1080 describes a remote memory overwrite in the Windows WINS service (wins.exe) via a crafted WINS replication packet sent to TCP port 42, which could allow arbitrary code execution. Affected products: Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003...