26 matches found
EUVD-2026-36167
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...
CVE-2026-50223
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...
CVE-2026-50223 Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...
CVE-2026-50223
Summary: CVE-2026-50223 in Apache OFBiz is a template injection vulnerability (FreeMarker) that can be exploited by a low-privileged, authenticated user with Content/DataResource editing privileges to achieve Remote Code Execution. Affected products are OFBiz versions before 24.09.07. The issue a...
PT-2026-48576
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...
EUVD-2026-30855
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...
MAL-2026-1434 Malicious code in my-super-lib (PyPI)
Source: kam193 (58a8ef40f042f56d80d455abeb03442516dfd8ed81f462d9da071089ff82f31e). During import, the package decrypts and runs a malicious executable. The executable is hidden in an encoded and XORed form in the JSON resource file. This is a...
CVE-2026-26022
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrar...
EUVD-2019-0305
Malware in sbrugna...
EUVD-2015-1075
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-23515
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0, = 2.1.0, 2.19.1 is...
CVE-2025-45880
A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...
Miliaris Amigdala Cross-Site Scripting Vulnerability
Miliaris Amigdala is an application from the Italian company Miliaris. A cross-site scripting vulnerability exists in Miliaris Amigdala version v2.2.6, which stems from cross-site scripting in the Data Resource Management function that could lead to the execution of arbitrary HTML...
CVE-2025-45880
CVE-2025-45880 is confirmed with public sources detailing a cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6. The issue allows an attacker to execute arbitrary HTML in a user’s browser via a crafted payload. The CVSS 3.1 base score is 6...
CVE-2015-10062
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named...
AZL-59541 CVE-2025-32051 affecting package libsoup for versions less than 3.4.4-6
A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS)...
DEBIAN-CVE-2024-10460
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
CVE-2015-10062
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named...
Design/Logic Flaw
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named...
CVE-2015-10062
The CVE-2015-10062 entry relates to galaxy-data-resource up to version 14.10.0, with an injection vulnerability in the Command Line Template component caused by manipulation of an unspecified part. A fix is available: upgrade to version 14.10.1. A patch hash is provided (50d65f45d3f5be5d1fbff2e45...