36 matches found
CVE-2016-10404
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp...
CVE-2023-31141
OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...
CVE-2025-66313 ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter
ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP causes deterministic server-side delays, proving the value is incorporated into a SQL query without proper...
EUVD-2025-200114
ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP causes deterministic server-side delays, proving the value is incorporated into a SQL query without proper...
EUVD-2018-11436
Malware in sbrugna...
EUVD-2020-23238
Malware in sbrugna...
EUVD-2011-4675
Malware in sbrugna...
EUVD-2017-17400
Malware in sbrugna...
EUVD-2018-10932
Malware in sbrugna...
EUVD-2021-23408
Malware in sbrugna...
EUVD-2023-33539
Malicious code in bioql PyPI...
EUVD-2024-0740
Malicious code in bioql PyPI...
EUVD-2022-33865
Malicious code in bioql PyPI...
EUVD-2024-0683
Malicious code in bioql PyPI...
EUVD-2023-52532
Malicious code in bioql PyPI...
CVE-2025-43698
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025...
CVE-2022-41918
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not correctly applied to the indices that back data streams...
CVE-2024-13311 Allow All File Extensions for file fields - Critical - Unsupported - SA-CONTRIB-2024-075
Vulnerability in Drupal Allow All File Extensions for file fields. This issue affects Allow All File Extensions for file fields:...
CVE-2024-20768
CVE-2024-20768 is a stored XSS in Adobe Experience Manager (AEM) 6.5.19 and earlier. The vulnerability allows injected JavaScript in vulnerable form fields, which executes in a victim’s browser when loading the page containing the field. Affected product/versions: AEM 6.5.19 and earlier. Root cau...