
21 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-28699

Malicious code in bioql PyPI...

4.3 CVSS | 5.1 AI score | 0.00089 EPSS
Exploits 1 | References 3
RedhatCVE
added 2025/09/30 10:46 p.m. | 9 views

CVE-2025-43813

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

6.9 CVSS | 7.2 AI score | 0.00181 EPSS
Exploits 0 | References 1
OSV
added 2025/09/30 12:30 a.m. | 4 views

GHSA-2HM7-R8F3-423H Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

6.9 CVSS | 7.2 AI score | 0.00181 EPSS
Exploits 0 | References 7
Github Security Blog
added 2025/09/30 12:30 a.m. | 23 views

Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

8.2 CVSS | 7.2 AI score | 0.00181 EPSS
Exploits 0 | References 7 | Affected Software 2
Positive Technologies
added 2025/09/30 12:0 a.m. | 3 views

PT-2025-40037

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

6.9 CVSS | 7.2 AI score | 0.00181 EPSS
Exploits 0 | References 8
OSV
added 2025/09/29 11:15 p.m. | 3 views

CVE-2025-43813

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

8.2 CVSS | 7.1 AI score | 0.00181 EPSS
Exploits 0 | References 1
NVD
added 2025/09/29 11:15 p.m. | 19 views

CVE-2025-43813

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

8.2 CVSS | 0.00181 EPSS
Exploits 0 | References 1
CVE
added 2025/09/29 10:19 p.m. | 9 views

CVE-2025-43813

Summary (CVE-2025-43813): Liferay Portal (ComboServlet) is vulnerable to path traversal in affected versions (Portal 7.4.0–7.4.3.107, older unsupported; Liferay DXP 2023.Q3/Q4 series; related 7.4/7.3 GA updates). The flaw allows remote attackers to access arbitrary CSS/JS files and load them rep...

8.2 CVSS | 6.8 AI score | 0.00181 EPSS
Exploits 0 | References 1 | Affected Software 2
CNNVD
added 2025/09/29 12:0 a.m. | 2 views

Liferay Portal and Liferay DXP path traversal vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

8.2 CVSS | 6.7 AI score | 0.00181 EPSS
Exploits 0 | References 1
OSV
added 2023/02/09 8:15 p.m. | 11 views

CVE-2023-24689

An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx...

4.3 CVSS | 6.7 AI score
Exploits 0 | References 2
Vulnrichment
added 2023/02/09 12:0 a.m. | 3 views

CVE-2023-24689

An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx...

7 AI score | 0.00089 EPSS
Exploits 1 | References 2
Nextcloud
added 2022/08/04 6:29 a.m. | 273 views

Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

None...

9.8 CVSS | 8.7 AI score | 0.00418 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2020/06/07 10:17 p.m. | 4 views

OPENSUSE-SU-2020:0780-1 Security update for libcroco

This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-8834: Fixed denial of service memory allocation error via a crafted CSS file bsc1043898. - CVE-2017-8871: Fixed denial of service infinite loop and CPU consumption via a crafted CSS file bsc1043899. This update...

7.1 CVSS | 6.4 AI score | 0.0172 EPSS
Exploits 5 | References 5
Tenable Nessus
added 2019/12/18 12:0 a.m. | 33 views

EulerOS 2.0 SP3 : libcroco (EulerOS-SA-2019-2605)

According to the versions of the libcroco package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This package provides the necessary development libraries and include files to allow you to develop with libcroco.Security Fixes:The...

7.8 CVSS | 6.7 AI score | 0.0172 EPSS
Exploits 7 | References 5
Tenable Nessus
added 2019/06/19 12:0 a.m. | 35 views

openSUSE Security Update : libcroco (openSUSE-2019-1575)

This update for libcroco fixes the following issues : Security issues fixed : - CVE-2017-7960: Fixed heap overflow input: check end of input before reading a byte bsc1034481. - CVE-2017-7961: Fixed undefined behavior tknzr: support only max long rgb values bsc1034482. - CVE-2017-8834: Fixed denia...

7.8 CVSS | 6.2 AI score | 0.0172 EPSS
Exploits 7 | References 8
NVD
added 2017/01/31 10:59 p.m. | 9 views

CVE-2016-9415

MyBB aka MyBulletinBoard before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."...

7.5 CVSS | 7.5 AI score | 0.00919 EPSS
Exploits 0 | References 4
Prion
added 2017/01/31 10:59 p.m. | 10 views

Design/Logic Flaw

MyBB aka MyBulletinBoard before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."...

5 CVSS | 7.4 AI score | 0.00919 EPSS
Exploits 0 | References 4 | Affected Software 2
Kitploit
added 2014/06/20 11:53 p.m. | 9 views

WebSiteSniffer v1.41 - Captures all Web site files downloaded by your Web browser while browsing the Internet

WebSiteSniffer is a packet sniffer tool that captures all Web site files downloaded by your Web browser while browsing the Internet, and stores them on your hard drive under the base folder that you choose. WebSiteSniffer allows you to choose which type of Web site files will be captured: HTML...

7 AI score
Exploits 0
Hacker One
added 2014/02/23 1:23 p.m. | 18 views

HackerOne: CSS leaks SCSS debug info

Download CSS style sheet referenced from the HTML and do: grep -oP "file.:.?scss" application-facbdb64a504bb08ec272860320e1941.css | sort | uniq As you can see it exposes information about the file system, source CSS files and software used. See enclosed file for a dump of the output of the comma...

6.8 AI score
Exploits 0
Prion
added 2009/08/28 3:30 p.m. | 7 views

Cross site scripting

eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets CSS files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting XSS attacks...

5 CVSS | 6.1 AI score | 0.02462 EPSS
Exploits 1 | References 3 | Affected Software 1