14 matches found
CVE-2026-40470 Hackage package and doc upload stored XSS vulnerability
A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP credentials browses...
hackage-server 跨站请求伪造漏洞
hackage-server is a Haskell open-source package repository server. hackage-server has a cross-site request forgery vulnerability. This vulnerability stems from the lack of protection against cross-site request forgery attacks, which may allow external scripts to trigger requests, enabling the abu...
CVE-2026-23940
Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result in a denial of...
Kibana 7.0.x < 8.19.8 / 9.0.x < 9.1.8 / 9.2.x < 9.2.2 XSS (ESA-2025-28)
The version of Kibana running on the remote host is prior to 7.0 prior to 8.19.8, 9.0 prior to 9.1.8 and 9.2 prior to 9.2.2. It is, therefore, affected by a cross-site scripting vulnerability as referenced in the ESA-2025-28 advisory. - Improper neutralization of input during web page generation...
CVE-2025-37732
Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...
CVE-2025-37732
Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 CVE-2025-25018 bypassing that fix to achieve HT...
Cross-site Scripting (XSS)
Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the integration package upload functionality. An attacker can execute arbitrary HTML or script code i...
CVE-2025-13428
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
EUVD-2012-1179
Malware in sbrugna...
EUVD-2025-14756
Malicious code in bioql PyPI...
CVE-2025-31484
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...
Cisco Industrial Network Director 操作系统命令注入漏洞
Cisco Industrial Network Director IND is an industrial automation management system from Cisco. The system achieves automation management by visualizing the industrial Ethernet infrastructure. Cisco Industrial Network Director suffers from an operating system command injection vulnerability that...
CVE-2023-20017
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These...
CVE-2012-1145
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when modwsgi is used, which allows remote attackers to cause a denial of service /var partition disk consumption and failed updates via a...