EUVD-2025-21447
Malicious code in bioql PyPI...
EUVD-2024-1992
Malicious code in bioql PyPI...
CVE-2022-31194
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowi...
CVE-2024-38364
CVE-2024-38364 (DSpace XSS) affects DSpace 7.0–7.6.1. When a user downloads an HTML, XML, or JavaScript Bitstream, the browser may execute embedded JavaScript, enabling a cross-site scripting (XSS) vulnerability. The root cause, as described in the public materials, is insufficient/unsafe handlin...
CVE-2022-31191
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...
Open redirect
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a...
CVE-2022-31195
CVE-2022-31195 affects DSpace open source software, specifically the ItemImportServiceImpl, which is vulnerable to a path traversal when processing SAF packages. A malicious SAF package could cause a file/directory to be created anywhere writable by the Tomcat/DSpace user, but only if the attacke...
CVE-2022-31192 Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...
CVE-2022-31192
The CVE-2022-31192 issue affects DSpace JSPUI (the Request a Copy feature) where input values submitted via the form are not properly escaped, enabling cross-site scripting (XSS) attacks in the JSPUI. The vulnerability is limited to JSPUI and does not affect XMLUI or other components. Remediation...
CVE-2022-31194
The CVE-2022-31194 issue affects DSpace JSPUI in the resumable upload path, where SubmissionController and FileUploadRequest allow path traversal to write files/directories on the server, limited to users with submitter privileges (not anonymous/basic users). Root cause: manipulating submission r...
CVE-2022-31193 URL Redirection to Untrusted Site in DSpace JSPUI
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a...
CVE-2022-31193
DSpace JSPUI's controlled vocabulary servlet is vulnerable to an open redirect attack via crafted URLs. The issue affects the JSPUI component in DSpace, enabling redirection to attacker-controlled sites when a user clicks a malicious link. Patches exist for DSpace 5.x and 6.x (5.11 and 6.4); upgr...
Design/Logic Flaw
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn...
CVE-2022-31190
CVE-2022-31190 (DSpace XMLUI) affects DSpace XMLUI by exposing metadata of withdrawn items via the mets.xml object when the handle/URL is known. The issue is limited to the XMLUI component; JSPUI and 7.x are not impacted. Impact is information disclosure of withdrawn-item metadata, not full compr...
Beijing Legendary Huayu Education Technology Co., Ltd. digital resources cloud service platform has a logic flaw vulnerability
Beijing Legendary Huayu Education Technology Co., Ltd. is a company focusing on the role and development of unstructured data management and application in education and teaching. A logic flaw vulnerability exists in the digital resources cloud service platform of Beijing Legendary Huayu Educatio...
Socketmail <= 2.2.6 (site_path) Remote File Include Vulnerability
No description provided by source. Title: Socketmail <= 2.2.6 - Remote File Include Vulnerability ----------------------------------------------------------------- Vendor: Creative Digital Resources URL: http://socketmail.com ----------------------------------------------------------------- Credit...
Coalfire Acquires Digital Resources Group in California
We have reached a new milestone at Coalfire and have announced the recent acquisition of privately held Digital Resources Group (DRG) in Redwood City, California. We are excited about our latest venture as it consolidates our leadership position within the IT Governance, Risk and Compliance (IT GRC)...
CVE-2007-5649
Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lostid parameter...
[MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability
MajorSecurity: Socketmail <= 2.2.6 - Remote File Include Vulnerability -------------------------------------------------------- Software: Socketmail Version: <=2.2.6 Type: Remote File Include Vulnerability Date: May, 25th 2006 Vendor: Creative Digital Resources Page: http://socketmail.com Risk: High...