20 matches found
CVE-2025-62346 HCL Glovius Cloud is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a trusted site where the user is authenticated, specifically on one endpoint...
EUVD-2025-198270
A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a trusted site where the user is authenticated, specifically on one endpoint...
Malicious code in ita-5 (npm)
Source: amazon-inspector a11cadd5e9eaebbb3c8a6ecd80cdc766d064fc641b1e81e54583edfbafb9a7b8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gita-rangi38-sukiwir (npm)
Source: amazon-inspector 9a3807496f879db022b29c8ffcdc6151b028e0f1ba3748637a8eb442a8b78d34 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hadi-dodol8-riris (npm)
Source: amazon-inspector 9c0292aa2f3ee9cb5d8852b71beb30fd9a6235f2e5500380a4d8efbfed0bdc01 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2024-17427
Malicious code in bioql PyPI...
CVE-2021-25443
A use after free vulnerability in conngadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker...
CVE-2025-30009
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim's browser. This vulnerability has low impact on confidentiality and...
Theft of ETH that was not used for successful execution of orders in non-atomic execution
Lines of code Vulnerability details Description There is an execute function in LooksRareAggregator contract. It refunds any ETH that was unused for example that left due to the unsuccessful execution of an order at the end of its execution flow: returnETHIfAnyoriginator; returnETHIfAny function ...
CVE-2022-27834
Use after free vulnerability in dspcontextunloadgraph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions...
Design/Logic Flaw
A use after free vulnerability in conngadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker...
CVE-2021-25443
A use after free vulnerability in conngadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker...
Control character injection in console output in github.com/ipfs/go-ipfs
Impact: Control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. Patches: Patched via https://github.com/ipfs/go-ipfs/pull/7831 in v0.8.0. For more information: If you have any questions...
GHSA-R4GV-VJ59-CCCM Control character injection in console output in github.com/ipfs/go-ipfs
Impact: Control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. Patches: Patched via https://github.com/ipfs/go-ipfs/pull/7831 in v0.8.0. For more information: If you have any questions...
Cross site scripting
A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerabilit...
Design/Logic Flaw
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...
CVE-2019-7361
An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018,...
Shopify: H1514 Lack of access control on edit packing slip template
Summary: An admin is able to edit the Edit packing slip template at /admin/settings/packingsliptemplate. However, a staff user with only "Home" permission and none other can view and also make edits to this template. Description: The Edit packing slip feature exists so an admin user can customize...
Security flaw in Airtel DSL modems
Hi, I've found a few problems with the way DSL modems by a vendor Bharti and provided by Airtel an Indian ISP are setup. I've been talking with Airtel on this over the past couple of months to try to get them to close the vulnerability. They feel that they have addressed the issue appropriately...
dbmanDefault.txt
Tunis the 31/jan/2006 bug found by Fireboy [email protected] Product affected:DBMan for Windows and Unix Product vendor: http://www.gossamer-threads.com the problem with DBman is default passwords these are default pass : admin/admin,author/author,guest/guest if the admin not change the pas...