24 matches found
EUVD-2024-28081
Malicious code in bioql PyPI...
CVE-2024-30145
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications...
CVE-2022-27562
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...
CVE-2022-42449
CVE-2022-42449 affects HCL Domino Volt. The root cause is an unsafe default file-type filtering policy that allows uploading .html files, enabling execution of unsafe JavaScript in deployed applications. Documents consistently describe the issue but do not provide a confirmed patch version or rem...
CVE-2022-44759
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications...
CVE-2022-44760
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications...
CVE-2024-30147
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications...
CVE-2024-30147
CVE-2024-30147 affects HCL Leap with multiple vectors enabling client-side script injection in the authoring environment and deployed applications. The provided documents confirm an XSS-type issue and give CVSS-based severity (MEDIUM) but do not disclose a specific patched version or definitive r...
HCL Leap security vulnerability
HCL Leap is a low-code development platform from HCL India. HCL Leap has a security vulnerability that stems from multiple vectors that allow injection of client-side scripts in the authoring environment and deployed applications...
HCL Leap security vulnerability
HCL Leap is a low-code development platform from HCL India. HCL Leap suffers from a security vulnerability that stems from improper cleaning of SVG files, leading to client-side script injection in deployed applications...
HCL Leap security vulnerability
HCL Leap is a low-code development platform from HCL India. HCL Leap has a security vulnerability that stems from the presence of an insecure default file type filtering policy that allows execution of insecure JavaScript in deployed applications...
PT-2018-15511 · Sap · Sap Hana Extended Application Services
Name of the Vulnerable Software and Affected Versions: SAP HANA Extended Application Services version 1.0 Description: The issue allows unauthorized users to read statistical data about deployed applications, including resource consumption. Recommendations: For SAP HANA Extended Application...
tomcat: security manager bypass via StatusManagerServlet
It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs...
6: JSM policy not respected by deployed applications
It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...
PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application
It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...