20 matches found
CVE-2026-29207 Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...
CVE-2025-15282
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
EUVD-2016-7730
Malware in sbrugna...
EUVD-2019-0360
Malware in sbrugna...
Insufficient URL Validation
org.apache.nifi:nifi-dbcp-base is vulnerable to Insufficient URL Validation. The vulnerability allows an authenticated attacker with relevant privileges to bypass connection URL validation using custom input formatting, which leads to unauthorized access to data or other resources...
CVE-2016-10613
bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
Design/Logic Flaw
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10592
jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10592
jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10610
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10592
jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10592
Vulnerability summary: The jser-stat library downloads data resources over HTTP, enabling man-in-the-middle (MitM) attacks when an attacker can observe/modify network traffic. The impact is variable and can include reading sensitive data up to remote code execution, depending on package behavior....
CVE-2016-10568
geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10568
geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10568
geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10568
CVE-2016-10568 affects geoip-lite-country (pre-1.1.4). The library downloads data resources over HTTP, creating vulnerability to man-in-the-middle attacks. Impact ranges from data modification/read to potential code execution depending on the data/resource behavior, per multiple sources. Mitigati...
Man In The Middle (MitM)
jser-stat is vulnerable to man-in-the-middle (MitM) attacks due to downloading data resources over an insecure protocol. It is possible for an attacker to intercept this connection and alter the packages received...
CVE-2016-6845
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...
Design/Logic Flaw
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...
Personal.Net Portal - Multiple Vulnerabilities
Abysssec Inc Public Advisory Title : Personal.Net Portal Multiple Vulnerabilities Affected Version : Personal.Net Portal Version 2.8.1 Discovery : www.Abysssec.com Vendor...