
35 matches found

RedhatCVE
added 2025/03/19 12:20 p.m. · 8 views

CVE-2025-2376

A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to...

CVSS 7.5 · AI score 7 · EPSS 0.00197
Exploits: 0 · References: 1
NVD
added 2025/03/17 12:15 p.m. · 10 views

CVE-2025-2376

A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to...

CVSS 7.5 · EPSS 0.00197
Exploits: 0 · References: 4
Cvelist
added 2025/03/17 12:0 p.m. · 8 views

CVE-2025-2376 viames Pair Framework PHP Object UserRemember.php getCookieContent deserialization

A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to...

CVSS 7.5 · EPSS 0.00197
Exploits: 0 · References: 4
CVE
added 2025/03/17 12:0 p.m. · 51 views

CVE-2025-2376

Affected product: viames Pair Framework (up to 1.9.11). Vulnerability: The function getCookieContent in /src/UserRemember.php (PHP Object Handler) deserializes data from a cookie after manipulating the cookieName argument, enabling remote exploitation. Impact: Deserialization of untrusted data...

CVSS 7.5 · AI score 7 · EPSS 0.00197
Exploits: 0 · References: 4
Redos
added 2024/10/08 12:0 a.m. · 9 views

ROS-20241008-01

Vulnerability in the DWARF Object Handler component of the library for providing access to debugging information DWARF libdwarf is associated with a re-release vulnerability. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a memory leak...

CVSS 7.5 · AI score 6.7 · EPSS 0.00144
Exploits: 0
BDU FSTEC
added 2023/09/21 12:0 a.m. · 2 views

The vulnerability of the object handler in PDF Foxit PDF Reader, which is related to the use of memory after it is freed, allows a hacker to execute arbitrary code.

The vulnerability of the object handler in PDF document viewers in Foxit PDF Reader relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS 7.8 · EPSS 0.01947
Exploits: 0 · References: 5 · Affected Software: 2
Veracode
added 2023/05/01 8:50 p.m. · 22 views

Cross-Site Scripting (XSS)

net.dreamlu:mica-xss is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape special characters before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser via the Form Object Handler...

CVSS 6.1 · AI score 5.9 · EPSS 0.00269
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 2023/04/21 12:15 p.m. · 8 views

CVE-2023-2220

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...

CVSS 6.1 · AI score 4.5 · EPSS 0.00269
Exploits: 1 · References: 3
OSV
added 2023/04/21 12:15 p.m. · 3 views

CVE-2023-2220

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...

CVSS 6.1 · AI score 3.7
Exploits: 0 · References: 3
Prion
added 2023/04/21 12:15 p.m. · 14 views

Cross site scripting

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...

CVSS 4 · AI score 6 · EPSS 0.00269
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/04/21 12:0 a.m. · 2 views

PT-2023-18381 · Dream Technology · Mica

Name of the Vulnerable Software and Affected Versions: Dream Technology mica versions up to 3.0.5. Description: A problematic issue has been identified, affecting an unknown function of the component Form Object Handler. This issue leads to cross site scripting and can be exploited remotely...

CVSS 6.1 · AI score 6.3 · EPSS 0.00269
Exploits: 1 · References: 5
CNNVD
added 2023/04/21 12:0 a.m. · 1 views

Dream Technology mica cross-site scripting vulnerability

Dream Technology mica is a Spring Cloud microservices development core package from China-based Dream Technology. A cross-site scripting vulnerability exists in Dream Technology mica 3.0.5 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability in the Form Object Handler...

CVSS 6.1 · AI score 4.7 · EPSS 0.00269
Exploits: 1 · References: 4
RedHat Linux
added 2015/10/21 8:57 p.m. · 1 views

OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI...

CVSS 5 · AI score 7.3 · EPSS 0.02698
Exploits: 0 · References: 5
RedHat Linux
added 2015/07/15 12:37 p.m. · 3 views

OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

CVSS 10 · AI score 6.8 · EPSS 0.09686
Exploits: 0 · References: 5
Symantec
added 2008/05/13 12:0 a.m. · 15 views

Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability

Description: Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

Exploits: 0 · Affected Software: 1