24 matches found
CVE-2026-30916 Shescape has possible misidentification of shell due to link chains
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...
CVE-2026-30916
REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: Further investigation determined that the software behavior described did not fall within the project's threat model. See https://github.com/github/advisory-database/pull/7206 for more information...
EUVD-2026-10424
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...
CVE-2026-30916
...
EUVD-2025-124973
Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used backgrou...
CVE-2025-64404
Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used backgrou...
EUVD-2022-2431
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-15062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element containing a user/card.php CSRF request in his Linked Files settings page...
python: Path traversal on tempfile.TemporaryDirectory
A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link...
CVE-2023-2255
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice, documents that used "floating frames" linked to external files would lo...
GHSA-4QQ9-QG7J-FCM9 Dolibarr Cross-Site Request Forgery (CSRF)
An issue was discovered in Dolibarr. A user can store an IFRAME element containing a user/card.php CSRF request in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. The protection mechanism for CSRF is to check the Referer header; howeve...
Dolibarr Cross-Site Request Forgery (CSRF)
An issue was discovered in Dolibarr. A user can store an IFRAME element containing a user/card.php CSRF request in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. The protection mechanism for CSRF is to check the Referer header; howeve...
Improper Privilege Management in dolibarr/dolibarr
💥 BUG unprivileged user can edit/share linked file of a project. 💥 VIDEO https://drive.google.com/file/d/1YaiG0vjFTuqZRck7dMLqkhT7HSZqaEdu/view?usp=sharing 💥 STEPS TO REPRODUCE 1. From admin account add user B as normal user. Now give user B below permission for project module. ----Read...
Cross-site Request Forgery (CSRF)
Dolibarr is vulnerable to cross-site request forgery (CSRF). The vulnerability exists because an iframe element that contains a user/card.php CSRF request, stored in the Linked Files settings page, can be visited by an admin to cause an admin account takeover...
CVE-2019-15062
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element containing a user/card.php CSRF request in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. The protection mechanism for CSRF is to check the Referer...
CVE-2019-15062
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element containing a user/card.php CSRF request in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. The protection mechanism for CSRF is to check the Referer...
CVE-2019-15062
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element containing a user/card.php CSRF request in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. The protection mechanism for CSRF is to check the Referer...
UBUNTU-CVE-2019-15062
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element containing a user/card.php CSRF request in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. The protection mechanism for CSRF is to check the Referer...
CVE-2019-15062
Dolibarr 11.0.0-alpha is affected by a Cross-Site Request Forgery (CSRF) vulnerability. An attacker can store an IFRAME in a user’s Linked Files settings page containing a CSRF request to user/card.php. When an admin visits this page, the attack can fully compromise the admin account. The underly...
PT-2019-13962 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0.0-alpha Description: An issue allows a user to store an IFRAME element, containing a user/card.php CSRF request, in their Linked Files settings page. When visited by the admin, this could completely take over the admin...