83 matches found
EUVD-2020-1452
Malware in sbrugna...
EUVD-2020-1475
Malware in sbrugna...
EUVD-2020-1470
Malware in sbrugna...
EUVD-2021-2170
Malware in sbrugna...
EUVD-2020-1454
Malware in sbrugna...
EUVD-2022-6298
Malicious code in bioql PyPI...
EUVD-2024-3523
Malicious code in bioql PyPI...
EUVD-2022-0465
Malicious code in bioql PyPI...
EUVD-2024-2160
Malicious code in bioql PyPI...
EUVD-2024-2165
Malicious code in bioql PyPI...
CVE-2025-34203 Vasion Print (formerly PrinterLogic) Use of Outdated, End-Of-Life, and Vulnerable Third-Party Components
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 VA and SaaS deployments contain multiple Docker containers that include outdated, end-of-life, unsupported, or otherwise vulnerable third-party components examples:...
CVE-2021-32648
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5...
CVE-2021-32650
October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents P...
CVE-2021-29487
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated...
CVE-2022-21705
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safemode /...
CVE-2024-25637
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
CVE-2024-24764 October Open Redirect for Administrator Accounts
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema october:// allowed external links, therefore allowing an op...
CVE-2023-37269
Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Users with the backend.managebranding permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting...