84 matches found
CLSA-2025-1741215546 cups: Fix of CVE-2024-47175
CVE-2024-47175: fixed multiple PPD vulnerabilities by validating inputs, sanitizing strings, quoting localized data, and addressing warnings in cups/ppd-cache.c and scheduler/ipp.c...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS when viewing certain localized backoffice components. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The...
XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
Impact Authenticated users are able to exploit an XSS vulnerability when viewing certain localized backoffice components. Patches Will be patched in 14.3.2 and 15.1.2. Note: This issue was reported by Pratik Patil from NetSPI @Nexusss-ppatil...
GHSA-WV8V-RMW2-25WC XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
Impact Authenticated users are able to exploit an XSS vulnerability when viewing certain localized backoffice components. Patches Will be patched in 14.3.2 and 15.1.2. Note: This issue was reported by Pratik Patil from NetSPI @Nexusss-ppatil...
CVE-2025-24012 Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 conta...
Umbraco 跨站脚本漏洞
Umbraco is an open source Content Management System CMS written in C by the Danish company Umbraco. A cross-site scripting vulnerability exists in Umbraco version 14.0.0 and earlier, which originates from an authenticated user viewing certain localized back-end components and can easily lead to a...
PT-2025-5259 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions 14.0.0 through 14.3.1 Umbraco versions 15.0.0 through 15.1.1 Description: The issue allows authenticated users to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components...
Malicious code in acts-as_localized (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in actionmailer-localized-preview (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
EulerOS 2.0 SP11 : git (EulerOS-SA-2023-2641)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by...
EulerOS Virtualization 3.0.6.6 : git (EulerOS-SA-2023-3398)
According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,...
Oracle Linux 9 : git (ELSA-2023-3245)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3245 advisory. 2.39.3-1 - Update to 2.39.3 - Resolves: 2188352, 2188361, 2189976, 2189977 Tenable has extracted the preceding description block directly from the Orac...
SUSE CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...
CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...
Hardcoded credentials
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...
CVE-2023-25815 Git looks for localized messages in the wrong place
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...
CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the gettext function's implicit initialization no...
Git for Windows 格式化字符串错误漏洞
Git for Windows is Git's Git for Windows. A formatting string error vulnerability exists in Git for Windows version 2.40.0 and prior versions, which stems from the use of hard-coded paths to find localized messages...
SUSE CVE-2009-0922
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service stack consumption and crash by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding...
GHSA-PWVJ-6PHX-QV8C CSRF vulnerability in Jenkins Translation Assistance plugin
Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator...