12 matches found

EUVD
added 2025/12/09 6:30 p.m., 5 views

EUVD-2025-201854

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

5.9 CVSS, 6.5 AI score, 0.0032 EPSS
Exploits 0, References 3
CNNVD
added 2025/12/09 12:0 a.m., 3 views

SAP SAPUI5 Security Vulnerability

SAP SAPUI5 is a JavaScript application framework from SAP, a German company. A security vulnerability exists in SAP SAPUI5 that stems from the use of outdated third-party libraries resulting in an infinite loop, which could result in a denial-of-service attack...

5.9 CVSS, 6.5 AI score, 0.0032 EPSS
Exploits 0, References 2
Positive Technologies
added 2025/12/09 12:0 a.m., 4 views

PT-2025-49763

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

5.9 CVSS, 7.1 AI score, 0.0032 EPSS
Exploits 0, References 2
The Hacker News
added 2025/10/14 11:0 a.m., 10 views

What AI Reveals About Web Applications— and Why It Matters

Before an attacker ever sends a payload, they've already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your syste...

7.2 AI score
Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-0736

Malware in sbrugna...

9.8 CVSS, 9 AI score, 0.01239 EPSS
Exploits 0, References 4
Tenable Nessus
added 2025/06/16 12:0 a.m., 7 views

TencentOS Server 4: postgresql16 (TSSA-2025:0172)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0172 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.1 CVSS, 8.1 AI score, 0.89472 EPSS
Exploits 10, References 2
Github Security Blog
added 2024/06/05 2:15 p.m., 64 views

Arbitrary JavaScript execution due to using outdated libraries

Summary: gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC: 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert('XSS'). poc.pdf 2. Run the app. In this PoC, I've used the demo...

8.8 CVSS, 8.3 AI score, 0.72648 EPSS
Exploits 14, References 3, Affected Software 1
The Hacker News
added 2024/02/15 2:20 p.m., 76 views

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsium, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating...

9.1 CVSS, 7.3 AI score, 0.99999 EPSS
Exploits 25
OpenVAS
added 2017/03/13 12:0 a.m., 104 views

Jenkins Multiple Vulnerabilities (Feb 2017) - Linux

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

9.8 CVSS, 6.1 AI score, 0.19191 EPSS
Exploits 2, References 1
OpenVAS
added 2017/03/13 12:0 a.m., 51 views

Jenkins Multiple Vulnerabilities (Feb 2017) - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

9.8 CVSS, 6.1 AI score, 0.19191 EPSS
Exploits 2, References 1
securityvulns
added 2013/06/03 12:0 a.m., 44 views

Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)

Hi @ll, this is part 2 of "Defense in depth -- the Microsoft way", see http://seclists.org/fulldisclosure/2013/May/107 On Windows NT 5.x the current "Microsoft Security Essentials" v4.2 available from http://www.microsoft.com/securityessentials, and offered as optional update KB2804527 via...

0.4 AI score
Exploits 0
securityvulns
added 2013/06/03 12:0 a.m., 28 views

Microsoft Security Essentials outdated libraries

Outdated runtime libraries with known vulnerabilities are installed in Windows XP / 2003...

3.2 AI score
Exploits 0, References 1, Affected Software 1