27 matches found
EUVD-2026-36167
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...
CVE-2026-50223
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...
CVE-2026-50223 Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...
CVE-2026-50223 Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. This issue affects Apache OFBiz: before...
CVE-2026-50223
CVE-2026-50223 affects Apache OFBiz prior to 24.09.07. It is caused by improper control of code generation (template injection) via DataResource editing by a low-privileged authenticated user, enabling possible Remote Code Execution. A fix is available in version 24.09.07; upgrading is recommende...
PT-2026-48576
Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.07 Description Improper Control of Generation of Code allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks. This can lead to Remote...
EUVD-2026-30855
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...
MAL-2026-1434 Malicious code in my-super-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 58a8ef40f042f56d80d455abeb03442516dfd8ed81f462d9da071089ff82f31e During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file. This is a...
CVE-2026-26022
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting XSS vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrar...
EUVD-2015-1075
Malware in sbrugna...
EUVD-2019-0305
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-23515
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0, = 2.1.0, 2.19.1 is...
CVE-2025-45880
A cross-site scripting XSS vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...
Miliaris Amigdala 跨站脚本漏洞
Miliaris Amigdala is an application from the Italian company Miliaris. A cross-site scripting vulnerability exists in Miliaris Amigdala version v2.2.6, which stems from cross-site scripting in the Data Resource Management function that could lead to the execution of arbitrary HTML...
CVE-2025-45880
CVE-2025-45880 is confirmed with public sources detailing a cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6. The issue allows an attacker to execute arbitrary HTML in a user’s browser via a crafted payload. The CVSS 3.1 base score is 6...
CVE-2015-10062
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named...
AZL-59541 CVE-2025-32051 affecting package libsoup for versions less than 3.4.4-6
A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...
DEBIAN-CVE-2024-10460
The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
CVE-2015-10062
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named...
Design/Logic Flaw
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named...