33 matches found
CVE-2026-3795
A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may...
Malicious code in polymer-datdfadsid-dora (npm)
Source: amazon-inspector 2391ff8005197875595bd3f446b394863152251b6b323adc9af31e703cbd32f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-138273
Malicious code in polymer-datdfadsid-dora npm...
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +65 more potentially affected by CVE-2025-64183 via openexr (=3.4.12)
openexr PYPI version =3.4.12 is affected by a known vulnerability. The following packages have a transitive dependency on openexr and may be impacted: - angorapy =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves:...
EUVD-2007-6109
Malware in sbrugna...
EUVD-2007-3974
Malware in sbrugna...
EUVD-2007-3973
Malware in sbrugna...
How Securing APIs Factors into DORA Compliance
...
Andariel Hackers Target South Korean Institutes with New Dora RAT Malware
The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the backdo...
CVE-2024-28715
Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint...
Exploit for Cross-site Scripting in Html-Js Doracms
CVE-2024-28715 CVE ID CVE-2024-28715 PRODUCT Do...
DORA: Safeguarding Europe's financial sector
In this post, we take a closer look at the Digital Operational Resilience Act (DORA), and discuss how Wiz can help financial institutions navigate these new regulations...
Achieving DORA Compliance with Qualys: A Comprehensive Approach
In the ever-changing landscape of finance and technology, it is crucial to have robust operational resilience and compliance frameworks. The Digital Operational Resilience Act (DORA) framework is a significant step in this direction, as it is intended to strengthen the resilience of financial...
Ensuring Compliance with DORA: How Qualys Solutions Can Help
Introduction The Digital Operational Resilience Act (DORA) is a new regulation implemented by the European Union to ensure the stability and security of the financial sector. Coming into effect in 2022, DORA mandates enhanced cybersecurity and operational resilience standards for financial...
DoraCMS Cross-Site Scripting Vulnerability
DoraCMS is a content management system built on Nodejs + eggjs + mongodb. A security vulnerability exists in the component /admin/contenttemp in DoraCMS v2.1.8, which allows attackers to execute arbitrary web script or HTML via a crafted attack payload...
Dora Coloring Book - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
The HackApp vulnerability scanner discovered that the application Dora Coloring Book, published on the 'play' market, has multiple vulnerabilities...
Dora Emlak 1.0 Script Multiple Input Validation Vulnerabilities
No description provided by source...
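Dora Emlak Script SQL Injection Vulnerability
Dora Emlak Script is a PHP-based web application. Dora Emlak Script does not properly filter user-submitted URI data, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The issue is caused by the script's lack of filtering of user-submitted web parameters: submitting a malicious SQL query as parameter data can alter the original SQL logic, yielding sensitive information or possibly allowing database manipulation. Test method: Dora Emlak 2.0. No solution is currently available: http://www.aspindir.com/goster/5027...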
SQL injection
Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlakdetay.asp and (b) haberdetay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp...
CVE-2007-6140
Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlakdetay.asp and (b) haberdetay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp...