16 matches found
CVE-2025-59014
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar...
TYPO3 Bookmark Toolbar vulnerable to denial of service
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar...
CVE-2025-59014
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar...
CVE-2025-59014
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar...
PT-2025-30564 · IBM · IBM SmartCloud Analytics Log Analysis
Name of the Vulnerable Software and Affected Versions: IBM SmartCloud Analytics - Log Analysis versions 1.3.7.0 through 1.3.8.2. Description: IBM SmartCloud Analytics - Log Analysis is susceptible to a security bypass that allows a local, authenticated attacker to manipulate data by circumventing...
CVE-2024-34537
TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21...
TYPO3 Security Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 versions prior to 13.3.1, which originates from manipulated data stored in the bookmarks toolbar of the back-end user interface, and can be...
CVE-2024-34537
TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21...
PT-2024-25956
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 10.4.46 ELTS; TYPO3 versions prior to 11.5.40 LTS; TYPO3 versions prior to 12.4.21 LTS; TYPO3 versions prior to 13.3.1. Description: The issue allows for denial of service, causing an interface error in the Bookmark Toolbar,...
CVE-2023-29044
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get...
CVE-2023-39514
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...
An attacker could manipulate the _rngAuctionResult to unfairly distribute more rewards to themselves
Lines of code. Vulnerability details. Impact: When the rewards are calculated using computeRewards, the attacker's inflated rewardFraction will be used, giving them a bigger share. Proof of Concept: The rngAuctionResult passed to rngComplete is stored directly into the auctionResults array without any...
ERPGo SaaS 3.9 - CSV Injection Vulnerability
Exploit Title: ERPGo SaaS 3.9 - CSV Injection; Exploit Author: Sajibe Kanti; Vendor Name: RajodiyaInfotech; Vendor Homepage: https://rajodiya.com/; Software Link: https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426; Version: 3.9; Tested on: Windows &...
12 Cyber Threats That Could Wreak Havoc on the Election
From targeted misinformation to manipulated data, these are the cybersecurity concerns election officials worry about most...
expaint.ru Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1130225. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Tuleap 9.6 Second-Order PHP Object Injection
This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute...