Cross-site Scripting (XSS)

com.liferay, com.liferay.dynamic.data.mapping.form.field.type is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validation of user-supplied input in "Rich Text" type fields within web content structures, document types, or custom assets using the Data Engine module,...

EUVD-2024-53164

Malicious code in bioql PyPI...

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

CVE-2024-56455

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2024-56452

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2024-56456

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2021-29052

The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls...

CVE-2024-56456

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2024-56452

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2024-56453

Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2024-56452

The CVE-2024-56452 issue concerns the 3D engine module’s glTF model loading where input parameters are not verified. The vulnerability affects the loading path of glTF models via the 3D engine module and is described as impacting availability. The PT-2025-3296 entry confirms the affected componen...

PT-2025-3297 · Unknown · 3D Engine Module

Name of the Vulnerable Software and Affected Versions: 3D engine module affected versions not specified Description: The issue concerns the lack of verification of input parameters during the loading of glTF models in the 3D engine module. Successful exploitation of this issue may impact...

PT-2025-3300 · Unknown · 3D Engine Module

Name of the Vulnerable Software and Affected Versions: 3D engine module affected versions not specified Description: The issue concerns the vulnerability of input parameters not being verified during the loading of glTF models in the 3D engine module. Successful exploitation of this vulnerability...

CVE-2024-9482

An out-of-bounds write in the engine module in AVG/Avast Antivirus signature 24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing...

CVE-2024-9482

An out-of-bounds write in the engine module in AVG/Avast Antivirus signature 24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing...

CVE-2024-9484

An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature 24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing...

CVE-2024-9484

CVE-2024-9484 affects AVG/Avast Antivirus on macOS due to a null-pointer-dereference in the engine module when processing malformed xar files. The issue, tied to signature

CVE-2024-9482

AVG/Avast Antivirus for macOS has an out-of-bounds write in the engine module triggered by malformed Mach-O files, potentially crashing the application during file processing. Affected are versions with signatures prior to 24092400. Remediation: update antivirus signature to 24092400 or later; as...

PT-2024-39660 · Avast · Avg/Avast Antivirus

Name of the Vulnerable Software and Affected Versions: AVG/Avast Antivirus versions prior to signature 24092400 Description: A null-pointer-dereference issue in the engine module of AVG/Avast Antivirus on MacOS allows a malformed xar file to crash the application during file processing...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that stems from a mal-implementation issue found in the V8 module. No details of the vulnerability are provided at this time...