33 matches found
EUVD-2025-17661
Malicious code in bioql PyPI...
EUVD-2023-41042
Malicious code in bioql PyPI...
EUVD-2023-27892
Malicious code in bioql PyPI...
CVE-2025-43701
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows exposure of Custom Settings data. This impacts OmniStudio: before version 254...
CVE-2025-43701
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows exposure of Custom Settings data. This impacts OmniStudio: before version 254...
CVE-2025-43701
CVE-2025-43701 affects Salesforce OmniStudio (FlexCards). Root cause: improper preservation of permissions allowing exposure of Custom Settings data. Impact: OmniStudio versions before 254. CVSS 3.1 base 7.5 ( HIGH ); attack vector/complexity: network/low, no user interaction required. Remediatio...
CVE-2025-43701
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows exposure of Custom Settings data. This impacts OmniStudio: before version 254...
CVE-2025-43701
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows exposure of Custom Settings data. This impacts OmniStudio: before version 254...
PT-2025-22121 · Salesforce · Omnis Studio
Name of the Vulnerable Software and Affected Versions: Salesforce OmniStudio versions prior to 254 Description: The issue is related to an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards, which allows exposure of Custom Settings data. Recommendations: For...
Design/Logic Flaw
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...
CVE-2023-41934
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...
BageCMS Cross-Site Scripting Vulnerability
BageCMS is a cross-platform content management system CMS based on PHP and MySQL by the BageCMS team in China. A cross-site scripting vulnerability exists in BageCMS v3.1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the custom settings module, and can ...
CVE-2023-37122
A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...
CVE-2023-37122
A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...
CVE-2023-37122
A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...
Cross site scripting
A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...
Bagecms 跨站脚本漏洞
BageCMS is a cross-platform content management system CMS based on PHP and MySQL by the BageCMS team in China. A cross-site scripting vulnerability exists in BageCMS v3.1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the custom settings module, and can ...
CVE-2023-37122
CVE-2023-37122 describes a stored XSS in Bagecms v3.1.0, exploitable via the Custom Settings module. The root cause cited across sources is inadequate input filtering/escaping in that module, allowing arbitrary web script or HTML execution. Public references consistently name BageCMS 3.1.0 and no...
CVE-2023-37122
A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...
CVE-2023-37122
A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...