32 matches found
CVE-2025-40834
A vulnerability has been identified in Mendix RichText All versions = V4.0.0 V4.6.1. Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...
Joomla! XSS Vulnerability (20260101)
Joomla! is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...
More Prompt||GTFO
The next three in this series on online events highlighting interesting uses of AI in cybersecurity are online: 4, 5, and 6. Well worth watching...
CVE-2025-40834
A vulnerability has been identified in Mendix RichText All versions = V4.0.0 V4.6.1. Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...
SonarQube 操作系统命令注入漏洞
SonarQube is a code inspection tool from Sonar Open Source. An operating system command injection vulnerability exists in SonarQube versions 4.0.0 through prior to 6.0.0, which stems from a failure to properly validate user input on the Windows runner and could lead to arbitrary command execution...
Linux Distros Unpatched Vulnerability : CVE-2016-0803
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code ...
Linux Distros Unpatched Vulnerability : CVE-2016-3758
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before...
xml-crypto 安全漏洞
NPM xml-crypto is a digital signature and cryptography library from NPM. A security vulnerability in xml-crypto versions 4.0.0 through 6.0.0, which stems from a default configuration that does not check the authorization of the signer, allows attackers to bypass XML signature verification...
UBUNTU-CVE-2024-30161
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly wasm. Earlier and later versions are unaffected...
CVE-2023-49117
PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL...
PT-2023-8311 · Powercms · Powercms
Name of the Vulnerable Software and Affected Versions: PowerCMS versions 4 Series through 6 Series PowerCMS versions 3 Series and earlier Description: The issue is related to an open redirect vulnerability. It allows a remote attacker to redirect users to arbitrary web sites via a specially craft...
SUSE CVE-2023-3648
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file...
Hewlett Packard Enterprise Integrated Lights-Out 跨站脚本漏洞
Hewlett Packard Enterprise Integrated Lights-Out is a remote control solution from Hewlett Packard Enterprise. The solution enables remote monitoring and operation of IT assets such as servers. A security vulnerability exists in Hewlett Packard Enterprise Integrated Lights-Out 6 iLO 6, Integrated...
SUSE CVE-2007-5461
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag...
org.dataone.dspace:auto-versioning-xmlui (>=5.4.0 <=5.4.2), org.dspace.modules:xmlui (>=4.0 <=6.3) potentially affected by CVE-2022-31190 via org.dspace:dspace-xmlui (>=4.0 <=6.3)
org.dspace:dspace-xmlui MAVEN version =4.0, =5.4.0, =4.0, =6.3 Source cves: CVE-2022-31190 Source advisory: OSV:GHSA-7W85-PP86-P4PQ...
DSpace 路径遍历漏洞
DSpace is an open source turnkey repository application from the DuraSpace community. A path traversal vulnerability exists in DSpace versions 4.0 through 6.3, which stems from the intention that the SAF Simple Archive Format package could lead to the creation of files/directories in any location...
DSpace 输入验证错误漏洞
DSpace is an open source turnkey repository application from the DuraSpace community. An input validation error vulnerability exists in DSpace versions 4.0 through 6.3, which stems from the vulnerability of a JSPUI-controlled vocabulary servlet to an open redirection attack, where an attacker can...
PT-2021-10922 · Unknown · Thinkadmin
Name of the Vulnerable Software and Affected Versions: ThinkAdmin versions 4.x through 6.x Description: An insecure unserialize vulnerability was discovered in ThinkAdmin, which may lead to arbitrary remote code execution. The issue is located in files such as "app/admin/controller/api/Update.php...
CVE-2019-19093
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords...
CVE-2019-19000
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP headers have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information...