CVE-2025-61141
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...
CVE-2025-61141
The CVE-2025-61141 entry concerns sqls-server/sqls version 0.2.28, which is vulnerable to command injection in the config command. The root cause is that openEditor passes the EDITOR environment variable and the config file path to sh -c without sanitization, enabling an attacker to execute arbit...
EUVD-2025-25625
Malicious code in bioql PyPI...
EUVD-2025-27611
Malicious code in bioql PyPI...
Liferay Portal is vulnerable to Reflected XSS attack through get_editor path
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML...
GHSA-JHGR-J9CJ-8J62 Liferay Portal is vulnerable to Reflected XSS attack through get_editor path
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML...
CVE-2025-43783
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attackers to inject arbitrary web script or HTML vi...
CVE-2025-43783
Reflected XSS in Liferay Portal and Liferay DXP due to insufficient input sanitization in the /c/portal/comment/discussion/get_editor endpoint. Affected: Portal 7.4.3.73–7.4.3.128 and DXP 2024.Q3.0–2024.Q3.1, 2024.Q2.0–2024.Q2.13, 2024.Q1.1–2024.Q1.12, and 7.4 update 73–92. Impact: remote attacke...
Liferay Portal Reflected XSS in CKeditor 4.21.0 endpoint
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows a remote non-authenticated...
CVE-2025-43761
Summary of CVE-2025-43761 (NORMAL) Liferay Portal versions 7.4.0–7.4.3.131 and Liferay DXP 2024.Q1.1–Q4.4 (and 7.4 GA through update 92) are affected by a reflected XSS vulnerability. The issue arises from improper input validation in the frontend-editor-ckeditor-web/ckeditor/samples/old/ajax.htm...
Vvveb injection vulnerability
Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. An injection vulnerability exists in Vvveb version 1.0.5, which stems from code injection due to a misbehavior of the function Save in the file...
Juzaweb CMS security vulnerability
Juzaweb CMS is a content management system developed by Juzaweb Individual Developer based on the Laravel framework and Web platform. A security vulnerability exists in Juzaweb CMS 3.4.2 and earlier versions, which stems from improper access control in the file /admin-cp/plugin/editor...
The wind crossing the online shopping system vulnerabilities-vulnerability warning-the black bar safety net
Keywords fircla. asp? proclaid= Editor start, the root directory under the input editor background path: eWebEditor\760706bjsdyt2007-0 8 2 7. asp Database path: eWebEditor\yasda612376asdga656qtfyfsw656q\35275twfd3562qfwsayqtwreq. mdb...