666 matches found
EUVD-2022-1825
Malicious code in bioql PyPI...
EUVD-2024-35513
Malicious code in bioql PyPI...
Improper Encoding or Escaping of Output
Overview element-plus is an A Component Library for Vue 3 Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious sites, or conduct...
Improper Encoding or Escaping of Output
Overview org.webjars.npm:element-plus is an A Component Library for Vue 3 Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious...
CVE-2025-6366 Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation
The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...
@luxiaodan/el-selection-tree-table (=1.0.3) potentially affected by unknown CVE via lodsah (=0.0.1-security)
lodsah NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on lodsah and may be impacted: - @luxiaodan/el-selection-tree-table =1.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-25516...
WordPress WoodMart - Multipurpose WooCommerce Theme plugin <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation vulnerability
WordPress WoodMart - Multipurpose WooCommerce Theme plugin = 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation vulnerability discovered by Samir El Khaouti in WordPress Theme WoodMart versions = 8.2.6...
Drug cartel hacked cameras and phones to spy on FBI and identify witnesses
The "El Chapo" Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to identify and kill potential witnesses, the US Department of Justice has said. And seven years on, the Bureau's defenses against this kind of surveillance are still inadequat...
The Promise and Peril of Digital Security in the Age of Dictatorship
LGBTIQ+ organizations in El Salvador are using technology to protect themselves and create a record of the country’s ongoing authoritarian escalations against their community. It’s not without risks...
DEBIAN-CVE-2025-38001
In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch 141d34391abbb315d68556b7c67ad97885407547 1 can be bypassed, and a UAF can still occur when HFSC ...
Pepperl+Fuchs Profinet Gateway 访问控制错误漏洞
Pepperl+Fuchs Profinet Gateway is a series of gateways from Pepperl+Fuchs. An access control error vulnerability exists in Pepperl+Fuchs Profinet Gateway FB8122A.1.EL and Profinet Gateway LB8122A.1.EL, which stems from the fact that an unauthenticated, remote attacker can access specific URLs to...
Pepperl+Fuchs Profinet Gateway 跨站脚本漏洞
Pepperl+Fuchs Profinet Gateway is a series of gateways from Pepperl+Fuchs. A cross-site scripting vulnerability exists in Pepperl+Fuchs Profinet Gateway FB8122A.1.EL and Profinet Gateway LB8122A.1.EL, which stems from improper input neutralization during web page generation and could lead to a...
CVE-2024-49232
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in derethor El mejor Cluster mejorcluster allows DOM-Based XSS.This issue affects El mejor Cluster: from n/a through = 1.1.15...
CVE-2024-35755
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40...
CVE-2022-27103
element-plus 2.0.5 is vulnerable to Cross Site Scripting XSS via el-table-column...
CVE-2020-1959
A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution RCE vulnerability. Apache Syncope uses Java Bean Validation JSR 380 custom constraint validators. When...
CVE-2020-9297
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...
CVE-2017-13907
A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked...
PT-2025-20921
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager Mobile EPMM versions 12.5.0.0 and prior Description A flaw exists in the API component of Ivanti Endpoint Manager Mobile EPMM that allows authenticated attackers to execute arbitrary code through crafted API requests...
Security Bulletin: IBM Cognos Analytics is vulnerable to Malicious File Upload and EL Injection vulnerabilities (CVE-2024-40695, CVE-2024-51466)
Summary IBM Cognos Analytics is considered vulnerable to a Malicious File Upload which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2024-40695 and an Expression Language EL Injection which could allow a remote attacker to explo...