Lucene search

132 matches found

CVE
added 2026/03/03 12:0 a.m. | 6 views

CVE-2025-70821

The CVE-2025-70821 entry affects Renren-security (renren-security) prior to v5.5.0. Affected component: BaseServiceImpl.java, where the vulnerability is a SQL injection flaw likely arising from unsafe SQL construction. Impact is described as high/critical (CVSS 3.1: 9.8; Network attack, no privil...

CVSS 9.8 | AI score 6 | EPSS 0.00401
Exploits 1 | References 3 | Affected Software 1
Vulnrichment
added 2026/02/21 6:2 a.m. | 5 views

CVE-2026-2863 feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java deleteFile path traversal

A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path traversal. The attack can be initiated remotely. The exploit has been...

CVSS 5.5 | AI score 5.4 | EPSS 0.00369
Exploits 0 | References 5
RedhatCVE
added 2026/01/28 9:16 a.m. | 6 views

CVE-2026-24794

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard src/main/java/org/cardboardpowered/impl/world modules. This vulnerability is associated with program files WorldImpl.Java. This issue affects cardboard: before 1.21.4...

CVSS 9.2 | AI score 5.9 | EPSS 0.00276
Exploits 0 | References 1
NVD
added 2026/01/27 9:15 a.m. | 5 views

CVE-2026-24794

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard src/main/java/org/cardboardpowered/impl/world modules. This vulnerability is associated with program files WorldImpl.Java. This issue affects cardboard: before 1.21.4...

CVSS 9.2 | EPSS 0.00276
Exploits 0 | References 1
Vulnrichment
added 2026/01/27 8:21 a.m. | 2 views

CVE-2026-24794 Chunk Unloading Security Vulnerability in CardboardPowered/cardboard

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard src/main/java/org/cardboardpowered/impl/world modules. This vulnerability is associated with program files WorldImpl.Java. This issue affects cardboard: before 1.21.4...

CVSS 9.2 | AI score 5.9 | EPSS 0.00276
Exploits 0 | References 1
Positive Technologies
added 2026/01/27 12:0 a.m. | 5 views

PT-2026-4863

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard src/main/java/org/cardboardpowered/impl/world modules. This vulnerability is associated with program files WorldImpl.Java. This issue affects cardboard: before 1.21.4...

CVSS 9.2 | AI score 5.9 | EPSS 0.00276
Exploits 0 | References 2
RedhatCVE
added 2026/01/09 11:17 a.m. | 4 views

CVE-2021-0466

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.5 | AI score 6.3 | EPSS 0.01441
Exploits 0 | References 1
NVD
added 2025/12/24 6:15 a.m. | 5 views

CVE-2024-58335

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...

CVSS 5 | EPSS 0.00168
Exploits 0 | References 2
vulnersOsv
added 2025/11/19 10:46 a.m. | 6 views

org.apache.causeway.core:causeway-core-config (=4.0.0-M1), org.apache.causeway.core:causeway-core-interaction (=4.0.0-M1) +105 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-applib (=4.0.0-M1)

org.apache.causeway.core:causeway-applib MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-applib and may be impacted: - org.apache.causeway.core:causeway-core-config =4.0.0-M1 -...

CVSS 6.3 | AI score 5.8 | EPSS 0.09442
Exploits 0
NVD
added 2025/11/17 8:16 a.m. | 1 views

CVE-2025-13268

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can b...

CVSS 6.5 | EPSS 0.00236
Exploits 0 | References 4
Positive Technologies
added 2025/11/17 12:0 a.m. | 4 views

PT-2025-47128

Name of the Vulnerable Software and Affected Versions Dromara dataCompare versions up to 1.0.1 Description A flaw exists in Dromara dataCompare related to the JDBC URL Handler component. The issue resides within the DbConfig function of the file...

CVSS 6.5 | AI score 6.2 | EPSS 0.00236
Exploits 0 | References 7
RedHat Linux
added 2025/10/15 4:41 p.m. | 6 views

thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance()

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in MediaTrackGraphImpl::GetInstance...

CVSS 9.8 | AI score 7.2 | EPSS 0.00465
Exploits 0 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-0715

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01053
Exploits 0 | References 5
RedhatCVE
added 2025/09/27 12:52 p.m. | 13 views

CVE-2025-11013

A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xmlparsing.cpp of the component XML Parser. The manipulation leads to null pointer dereference. The attack can only be performed from a local...

CVSS 4.8 | AI score 6.2 | EPSS 0.00183
Exploits 1 | References 1
vulnersOsv
added 2025/09/19 9:31 p.m. | 4 views

com.liferay.maven.plugins:liferay-maven-plugin (>=6.0.2 <=6.0.6), com.liferay.portal:util-taglib (>=6.0.2 <=6.0.6) +3 more potentially affected by CVE-2025-43809 via com.liferay.portal:portal-impl (>=6.0.2 <=6.0.6)

com.liferay.portal:portal-impl MAVEN version =6.0.2, =6.0.2, =6.0.2, =2.4, =1.0, =2.0, =2.5 Source cves: CVE-2025-43809 Source advisory: SNYK:JAVA-COMLIFERAYPORTAL-13003719...

CVSS 5.1 | AI score 5.8 | EPSS 0.00169
Exploits 0
Snyk
added 2025/09/19 9:31 p.m. | 5 views

Cross-site Request Forgery (CSRF)

Overview com.liferay.portal:portal-impl is a Portal Impl Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the orderUuid parameter in the server license registration process. An attacker can register a server license without authorization by tricking an...

CVSS 5.1 | AI score 6.5 | EPSS 0.00169
Exploits 0 | References 2
Snyk
added 2025/09/15 9:30 p.m. | 1 views

Use of Default Credentials

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Use of Default Credentials due to the API not restricting access before a user has changed their initial password. An attacker can gain unauthorized access and...

CVSS 6.9 | AI score 6.7 | EPSS 0.00244
Exploits 0 | References 2
Tenable Nessus
added 2025/08/24 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-19761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an illegal address access at fromsixel.c function: sixeldecoderawimpl in libsixel 1.8.2 that will cause a denial of service. CVE-2018-19761 Note that...

CVSS 5.5 | AI score 6.3 | EPSS 0.00684
Exploits 1 | References 2
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 0 views

Malicious code in dip-client-impl (npm)

The package dip-client-impl was found to contain malicious code...

AI score 7
Exploits 0
OSV
added 2025/08/14 6:52 p.m. | 0 views

MAL-2025-18466 Malicious code in dip-client-impl (npm)

The package dip-client-impl was found to contain malicious code...

AI score 7.2
Exploits 0