12 matches found
EUVD-2024-2163
Malicious code in bioql PyPI...
@bubbles-ui/leemons (>=1.0.0 <=1.2.277), @imtf/rjsf-conditionals (=5.0.3) +3 more potentially affected by unknown CVE via json-rules-engine-simplified (>=0.1.17 <=0.2.0)
json-rules-engine-simplified NPM version =0.1.17, =1.0.0, =0.1.0, =0.1.17, =0.1.1, =0.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-JSONRULESENGINESIMPLIFIED-12704864...
CVE-2024-37156
The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...
CVE-2024-37156 TokenController formName not sanitized in hidden input
The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...
CVE-2024-37156 TokenController formName not sanitized in hidden input
The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3...
CVE-2024-37156
CVE-2024-37156 affects SuluFormBundle (Sulu Admin) where the TokenController.get parameter formName is not sanitized in the returned input field, enabling Cross-Site Scripting (XSS). The issue is fixed in version 2.5.3. Mitigation is to upgrade to 2.5.3 or apply the provided patch; no exploit det...
Malicious code in ngpd-merceros-dynamic-forms-fe-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a63c636557949e167ac4cca437135be8c3160f70856ee5911c1817ba2c3f76a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-964 Malicious code in ngpd-merceros-dynamic-forms-fe-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a63c636557949e167ac4cca437135be8c3160f70856ee5911c1817ba2c3f76a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Foxit Reader deletePages Field Calculate use-after-free vulnerability
Talos Vulnerability Report TALOS-2022-1600 Foxit Reader deletePages Field Calculate use-after-free vulnerability November 10, 2022 CVE Number CVE-2022-32774 SUMMARY A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.0.1.12430. By prematurely...
Foxit Reader JavaScript choice field use-after-free vulnerability
Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Foxit Reader Javascript Field fileSelect Use After Free Vulnerability
Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Foxit Reader and Foxit PhantomPDF for Windows Security Vulnerabilities
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation.Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the handling of the desc attribute of an XFA object in Foxit Reader 9.2.0.9297 and...