23 matches found
EUVD-2019-18838
Malware in sbrugna...
EUVD-2023-27399
Malicious code in bioql PyPI...
CVE-2025-48494
CVE-2025-48494 concerns Gokapi, a self-hosted file sharing server. The issue is a stored XSS vulnerability when using end-to-end encryption: uploading a file with a JavaScript payload in the filename, which is parsed when the upload list is opened. Before version 2.0.0, there was no user-permissi...
PT-2025-23497 · Gokapi · Gokapi
Name of the Vulnerable Software and Affected Versions: Gokapi versions prior to 2.0.0 Description: Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. A stored cross-site scripting issue can be exploited by uploading a file with JavaScript code embedded i...
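As an added example, not Gokapi's own code (the Entry type, the template and the function names are assumptions made for illustration), the pattern the two Gokapi entries above describe beside its hardened form, in Go because that is the project's language: an upload list built by string concatenation passes a filename such as `<img src=x onerror=alert(1)>.txt` into the page verbatim, while the same list rendered through html/template is escaped for the context it lands in. A filename validator is included to make the caveat visible: angle brackets are legal filename characters, so upload-time validation alone does not close a stored XSS of this kind; output encoding does.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
	"unicode/utf8"
)

// Entry is a stand-in for the minimal data an upload list needs.
// It is an assumption for this example, not Gokapi's data model.
type Entry struct {
	ID   string
	Name string
	Size int64
}

// renderListUnsafe builds the list with string concatenation, so a
// filename carrying markup lands in the page verbatim. This is the
// vulnerable pattern and is left deliberately unescaped.
func renderListUnsafe(entries []Entry) string {
	var b strings.Builder
	b.WriteString("<ul>")
	for _, e := range entries {
		fmt.Fprintf(&b, `<li data-id="%s">%s (%d bytes)</li>`, e.ID, e.Name, e.Size)
	}
	b.WriteString("</ul>")
	return b.String()
}

// listTmpl uses html/template, which escapes each value according to
// the context it is inserted into (element text here, attribute value
// for data-id).
var listTmpl = template.Must(template.New("list").Parse(
	`<ul>{{range .}}<li data-id="{{.ID}}">{{.Name}} ({{.Size}} bytes)</li>{{end}}</ul>`))

// renderListSafe renders the same list through html/template.
func renderListSafe(entries []Entry) (string, error) {
	var buf bytes.Buffer
	if err := listTmpl.Execute(&buf, entries); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// validateFilename is a defence-in-depth check for upload time. It rejects
// names no legitimate client produces (empty or reserved, over-long,
// invalid UTF-8, control characters, path separators). It does not and
// should not try to reject '<' or '>': those are valid filename characters,
// which is exactly why output encoding is the real fix.
func validateFilename(name string) error {
	const maxLen = 255
	switch {
	case name == "" || name == "." || name == "..":
		return fmt.Errorf("empty or reserved filename")
	case len(name) > maxLen:
		return fmt.Errorf("filename longer than %d bytes", maxLen)
	case !utf8.ValidString(name):
		return fmt.Errorf("filename is not valid UTF-8")
	}
	for _, r := range name {
		if r < 0x20 || r == 0x7f || r == '/' || r == '\\' {
			return fmt.Errorf("filename contains control character or path separator %q", r)
		}
	}
	return nil
}

func main() {
	// Constructed sample input: one harmless name and one carrying a payload.
	entries := []Entry{
		{ID: "a1", Name: "report.pdf", Size: 1024},
		{ID: "b2", Name: `<img src=x onerror=alert(1)>.txt`, Size: 12},
	}
	fmt.Println("unsafe:", renderListUnsafe(entries))
	safe, _ := renderListSafe(entries)
	fmt.Println("safe:  ", safe)
	for _, e := range entries {
		fmt.Printf("validate %q: %v\n", e.Name, validateFilename(e.Name))
	}
}
```

Running it prints the payload intact in the unsafe output and as `&lt;img src=x onerror=alert(1)&gt;.txt` in the safe one; validateFilename accepts the payload name, which is the point: the validator stops smuggled path separators and control bytes, not XSS. If the list is built client-side instead, the equivalent rule is to set the name with textContent rather than innerHTML.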
CVE-2025-32791 Permission policy information leakage in Backstage permission system
The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission...
CVE-2025-0422
An authenticated user in the "bestinformed Web" application can execute commands on the underlying server running the application (remote code execution). For this, the user must be able to create "ScriptVars" with the type "script" and preview them by, for example, creating a new "Info". By defaul...
CVE-2023-23299
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data...
Node.js: fs module's file watching is not restricted by --allow-fs-read
The fs module's file watching feature in Node.js was not restricted by the --allow-fs-read flag of the permission model, allowing attackers to watch files they did not have read access to...
Node.js: fs.openAsBlob() bypasses permission system
The fs.openAsBlob method in Node.js, when used with the --experimental-permission flag, allowed bypassing the permission system and reading files without the required permissions...
Node.js: The use of __proto__ in process.mainModule.__proto__.require() bypasses the permission system in Node v19.6.1
The use of __proto__ in process.mainModule.__proto__.require allowed bypassing the permission system in Node v19.6.1, enabling the loading of unauthorized dependencies...
Vulnerability Spotlight: Multiple vulnerabilities in phpGACL class
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the phpGACL class. One of these vulnerabilities also affects OpenEMR, a medical practice management software written in PHP. phpGACL is a PHP library...
Moxa MXView installation File Permission System Authorization Issues Vulnerability
Moxa MXView is network-management software from Moxa (Taiwan, China). It can be used to perform operations such as configuration processing for all devices within the network. An authorization issue vulnerability exists in the file permission system in Moxa MXView...
CVE-2019-9464
CVE-2019-9464 is a targeted Elevation of Privilege vulnerability in the Android Framework affecting Android 10, caused by an incorrect warning about an app accessing the user’s location in RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java. This could undermine ...
openSUSE Security Update : dosbox (openSUSE-2019-1905)
This update for dosbox fixes the following issues: Security issues fixed: - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer (bnc#1140254). - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the...
OPENSUSE-SU-2019:1920-1 Security update for dosbox
This update for dosbox fixes the following issues: Security issues fixed: - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer bnc1140254. - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the content...
OPENSUSE-SU-2019:1905-1 Security update for dosbox
This update for dosbox fixes the following issues: Security issues fixed: - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer bnc1140254. - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the content...
Security update for dosbox (important)
openSUSE Security Update: Security update for dosbox Announcement ID: openSUSE-SU-2019:1920-1 Rating: important References: 1140254 Cross-References: CVE-2019-12594 CVE-2019-7165 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available. Descriptio...
Updated dosbox package fixes security vulnerabilities
Dosbox 0.74-3 is a security release: Fixed that a very long line inside a bat file would overflow the parsing buffer (CVE-2019-7165, reported by Alexandre Bartel). Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc e.g. /proc/self/mem when / or /proc we...