44 matches found
CVE-2022-35628
A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3...
CVE-2023-45593
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser concerning the handling of alternative URLs, other than “http://localhost” allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and...
CVE-2023-53586
| creationtimestamp | type | source |
|---|---|---|
| 2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8... |
-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41773 more potentially affected by CVE-2025-66031 via node-forge (>=0.10.0 <=1.3.1)
-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41773 more potentially affected by CVE-2025-12816 via node-forge (>=0.10.0 <=1.3.1)
CarLux security vulnerability
CarLux is a car booking system by the individual developer AKSHIT SONANI. A security vulnerability exists in CarLux version 1.0, which stems from /carlux/forgot-pass.php being vulnerable to SQL injection attacks...
EUVD-2022-6412
Malicious code in bioql PyPI...
CVE-2018-19159
lux through 5.2.2, a chain-based proof-of-stake cryptocurrency, allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk...
Malicious code in lol-lux-shopping-mall (npm)
Source: ghsa-malware 7a990aae5e086e13c87464c79e52ba48732a675a67318f2a84bd502b2f3b2d1e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-45596
A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
CVE-2023-45594
A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This...
CVE-2023-45595
A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “fileconfiguration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
PT-2024-14811 · Mariadb · Mariadb
Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2 Description: A CWE-798 “Use of Hard-coded Credentials” issue in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all...
PT-2024-13264 · Unknown · Ailux Imx6 Bundle
Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2 Description: A CWE-613 “Insufficient Session Expiration” issue in the web application exists due to the session cookie sessionid lasting two weeks, which facilitates session hijacking attacks...
PT-2024-13256 · Google · Chromium-Browser
Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2 Description: A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser exacerbates the impacts of successful attacks executed against the browser. This...
lux-limousines.com Improper Access Control vulnerability OBB-3804122
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
lux-striptease.com Improper Access Control vulnerability OBB-3804123
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aaa-lux-lighting.com Improper Access Control vulnerability OBB-3791275
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
lux-auction.com Cross Site Scripting vulnerability OBB-3579845
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
indoor-lux.com Cross Site Scripting vulnerability OBB-3371338
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...