613 matches found
EUVD-2022-4004
Malicious code in bioql PyPI...
EUVD-2022-0630
Malicious code in bioql PyPI...
EUVD-2022-4107
Malicious code in bioql PyPI...
EUVD-2022-4073
Malicious code in bioql PyPI...
EUVD-2022-4512
Malicious code in bioql PyPI...
EUVD-2022-3838
Malicious code in bioql PyPI...
EUVD-2022-6349
Malicious code in bioql PyPI...
EUVD-2024-47672
Malicious code in bioql PyPI...
EUVD-2022-2637
Malicious code in bioql PyPI...
EUVD-2023-2179
Malicious code in bioql PyPI...
EUVD-2022-4687
Malicious code in bioql PyPI...
EUVD-2022-2809
Malicious code in bioql PyPI...
EUVD-2024-1112
Malicious code in bioql PyPI...
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
...
Missing Authorization
Overview io.jenkins.plugins:opentelemetry is a Monitor and observe Jenkins with OpenTelemetry. Affected versions of this package are vulnerable to Missing Authorization due to the absence of a required permission check in the method implementing form validation. An attacker can access sensitive...
TOTOLINK EX1200T Certification Bypass Vulnerability
The TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200T suffers from an authentication bypass vulnerability that originates from formLoginAuth.htm not properly validating the login request, which can be exploited by an attacker to gain system...
CVE-2024-6610
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2023-32985
Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2023-24449
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2023-24455
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...