56 matches found
EUVD-2023-1772
Malicious code in bioql PyPI...
EUVD-2023-0940
Malicious code in bioql PyPI...
EUVD-2023-0816
Malicious code in bioql PyPI...
EUVD-2023-1962
Malicious code in bioql PyPI...
EUVD-2023-1853
Malicious code in bioql PyPI...
CVE-2023-2859
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-3190
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-1545
SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23...
CVE-2023-1463
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23...
CVE-2023-2516
Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7...
Improper Access Control
nilsteampassnet/teampass is vulnerable to Improper access control. The vulnerability is due to the application failing to properly validate whether a folder belongs to the user's allowed folders list defined by an admin, allowing an attacker to bypass access restrictions and access unauthorized...
Improper Access Control
nilsteampassnet/teampass is vulnerable to Improper Access Control. A remote authenticated attacker is able to gain access to read the information of other users via guessing and editing the ID on the request, resulting in disclosure of sensitive information...
CVE-2023-3565
Cross-site Scripting XSS - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10...
CVE-2023-3565
CVE-2023-3565 corresponds to a Cross-site Scripting (XSS) vulnerability in TeamPass (nilsteampassnet/teampass) prior to version 3.0.10. Multiple connected records confirm the issue as a generic XSS condition in the GitHub repo, with remediation guidance to upgrade to 3.0.10 or newer. Some sources...
CVE-2023-3552
The CVE-2023-3552 entry concerns TeamPass (nilsteampassnet/teampass) prior to version 3.0.10, where improper encoding or escaping of output enables cross-site scripting in folder names. The root cause is insufficient encoding/escaping of outputs, allowing injection of malicious content into the i...
CVE-2023-3551
CVE-2023-3551 applies to nilsteampassnet/teampass prior to 3.0.10, where a lack of input restrictions allows code injected into tp.config.php to be executed (Remote Code Execution). Documented impact is high/critical with network-based access and no required user interaction. remediation is to up...
CVE-2023-3531 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10...
CVE-2023-3531
CVE-2023-3531: Cross-site Scripting (XSS) in nilsteampassnet/teampass prior to 3.0.10. The vulnerability is described as a stored XSS on the Search page, resulting from insufficient input sanitization in the pages/item component. Exploitation details are not consistently provided across documents...
CVE-2023-3190
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-3190
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...