CVE-2026-35567

...

CVE-2021-31673

A Dom-based Cross-site scripting XSS vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter...

SQL Injection

nukeviet/nukeviet is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the listid parameter in detail.php and the groupprice or groupid parameters in searchresult.php, which allows an attacker to execute malicious SQL queries through crafted input...

EUVD-2006-2736

Malware in sbrugna...

EUVD-2018-11458

Malware in sbrugna...

EUVD-2018-11488

Malware in sbrugna...

EUVD-2005-2474

Malware in sbrugna...

EUVD-2017-7392

Malware in sbrugna...

EUVD-2018-11459

Malware in sbrugna...

EUVD-2005-2475

Malware in sbrugna...

EUVD-2018-11487

Malware in sbrugna...

EUVD-2018-11452

Malware in sbrugna...

EUVD-2018-11449

Malware in sbrugna...

EUVD-2018-11497

Malware in sbrugna...

EUVD-2025-7052

Malicious code in bioql PyPI...

EUVD-2022-31934

Malicious code in bioql PyPI...

EUVD-2025-28006

Malicious code in bioql PyPI...

EUVD-2025-9608

Malicious code in bioql PyPI...

Insecure Direct Object Reference (IDOR)

com.liferay:com.liferay.roles.selector.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control in the groupId parameter of the comliferayrolesselectorwebportletRolesSelectorPortletgroupId, which allows an attacker with organization...

CVE-2025-43732

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference IDOR in the...