
35246 matches found

The Hacker News
added 2026/05/27 11:48 a.m., 19 views

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...

6.2 AI score
Exploits: 0
NVD
added 2026/05/27 11:16 a.m., 12 views

CVE-2026-48906

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...

9.3 CVSS, 0.00051 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2026/05/27 9:41 a.m., 8 views

dotnet: .NET: infinite loop allows an attacker to cause a denial of service

A flaw was found in dotnet. An infinite loop in ASP.NET Core allows an unauthenticated remote attacker to cause a denial of service over a network. This issue can lead to an application crash and a high consumption of system resources...

7.5 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits: 0, References: 5
Snyk
added 2026/05/27 9:41 a.m., 7 views

Server-side Request Forgery (SSRF)

Overview: symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). The NoPrivateNetworkHttpClient is designed to be a security boundary that blocks requests to private/interna...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
Snyk
added 2026/05/27 9:41 a.m., 11 views

Authentication Bypass Using an Alternate Path or Channel

Overview: symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via failureforward Subrequest. An attacker could manipulate the failurepath parameter...

6.9 CVSS, 5.8 AI score
Exploits: 0, References: 2
Snyk
added 2026/05/27 9:41 a.m., 6 views

Improper Verification of Cryptographic Signature

Overview: symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the webhook request parser. The validateSignature method extracts the...

9.1 CVSS, 5.8 AI score
Exploits: 0, References: 2
Snyk
added 2026/05/27 9:41 a.m., 7 views

Improper Encoding or Escaping of Output

Overview: symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the HtmlSanitizer component that fails to properly detect and strip percent-encoded BiDi...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 2
NVD
added 2026/05/27 9:16 a.m., 7 views

CVE-2025-22741

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...

7.1 CVSS, 0.00036 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/05/27 9:11 a.m., 5 views

CVE-2026-48906 Extension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...

9.3 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/05/27 9:11 a.m., 26 views

CVE-2026-48906 Extension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...

9.3 CVSS, 0.00051 EPSS
Exploits: 0, References: 1
EUVD
added 2026/05/27 9:11 a.m., 7 views

EUVD-2026-32162

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...

9.3 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/27 9:11 a.m., 5 views

CVE-2026-48906

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites...

9.3 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits: 0, References: 2, Affected Software: 8
CVE
added 2026/05/27 9:11 a.m., 9 views

CVE-2026-48906

CVE-2026-48906 affects the Tassos Framework Plugin (Novarain/Tassos Framework) used with Joomla. The CVE records describe an arbitrary file deletion vulnerability in the plugin prior to version 6.1.0, enabling deletion of arbitrary files on affected sites. The CVSS analysis indicates remote acces...

9.3 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits: 0, References: 1, Affected Software: 8
RedHat Linux
added 2026/05/27 9:4 a.m., 7 views

dotnet: .NET: infinite loop allows an attacker to cause a denial of service

A flaw was found in dotnet. An infinite loop in ASP.NET Core allows an unauthenticated remote attacker to cause a denial of service over a network. This issue can lead to an application crash and a high consumption of system resources...

7.5 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits: 0, References: 5
OSV
added 2026/05/27 8:47 a.m., 2 views

BIT-JOOMLA-2026-48905 Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.

Lack of input filtering leads to an XSS vector in the HTML filter code...

6.9 CVSS, 5.8 AI score, 0.00005 EPSS
Exploits: 0, References: 2
OSV
added 2026/05/27 8:47 a.m., 2 views

BIT-JOOMLA-2026-48903 Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...

6.9 CVSS, 5.8 AI score, 0.00005 EPSS
Exploits: 0, References: 2
CVE
added 2026/05/27 8:35 a.m., 8 views

CVE-2025-22741

CVE-2025-22741 concerns a Reflected Cross-Site Scripting in RiceTheme Felan Framework and the WordPress Felan Framework plugin (

7.1 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/27 8:35 a.m., 6 views

CVE-2025-22741

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...

7.1 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits: 0, References: 2
EUVD
added 2026/05/27 8:35 a.m., 6 views

EUVD-2025-209955

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...

7.1 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/05/27 8:35 a.m., 5 views

CVE-2025-22741 WordPress Felan Framework plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...

7.1 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits: 0, References: 1