📄 PKP-WAL 3.5.0-1 Cross Site Request Forgery

PKP-WAL versions 3.5.0-1 and below suffer from a cross site request forgery vulnerability. ----------------------------------------------------------------- PKP-WAL = 3.5.0-1 Login Cross-Site Request Forgery Vulnerability ----------------------------------------------------------------- - Softwar...

Malicious code in preprint (npm)

The package preprint was found to contain malicious code...

MAL-2025-29614 Malicious code in preprint (npm)

The package preprint was found to contain malicious code...

Public Knowledge Project Platform OJS/OMP/OPS 安全漏洞

Public Knowledge Project Platform OJS/OMP/OPS PKP Platform OJS/OMP/OPS is an open source publishing platform from Public Knowledge Project, Inc. A security vulnerability exists in Public Knowledge Project Platform OJS/OMP/OPS versions prior to 3.3.0.21 and versions prior to 3.4.x through 3.4.0.8,...

Public Knowledge Project Platform OJS/OMP/OPS 安全漏洞

Public Knowledge Project Platform OJS/OMP/OPS PKP Platform OJS/OMP/OPS is an open source publishing platform from Public Knowledge Project, Inc. A security vulnerability exists in Public Knowledge Project Platform OJS/OMP/OPS versions prior to v3.3.0.16, which stems from a vulnerability that allo...

PKP-WAL 3.4.0-3 Remote Code Execution Exploit

PKP Web Application Library PKP-WAL versions 3.4.0-3 and below, as used in Open Journal Systems OJS, Open Monograph Press OMP, and Open Preprint Systems OPS before versions 3.4.0-4 or 3.3.0-16, suffer from a NativeImportExportPlugin related remote code execution vulnerability...

PKP-WAL 3.4.0-3 Remote Code Execution

--------------------------------------------------------------------------------- PKP-WAL getDeployment; 103. 104. $context = $deployment-getContext; 105. 106. $locale = $node-getAttribute'locale'; 107. if empty$locale 108. $locale = $context-getPrimaryLocale; 109. 110. 111. $coverImagelocale = ;...

PKP Web Application Library Cross-Site Scripting Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A cross-site scripting vulnerability exists in versions prior to PKP Web Application Library 3.3.0-1...

PKP Web Application Library Cross-Site Scripting Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A cross-site scripting vulnerability exists in the PKP Web Application Library prior to version...

PKP Web Application Library Cross-Site Request Forgery Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A cross-site request forgery vulnerability exists in versions prior to PKP Web Application Library...

PKP Web Application Library Cross-Site Scripting Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A cross-site scripting vulnerability exists in versions prior to PKP Web Application Library 3.3.0-1...

PKP Web Application Library Cross-Site Scripting Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A cross-site scripting vulnerability exists in versions prior to PKP Web Application Library 3.3.0-1...

PKP Web Application Library Cross-Site Request Forgery Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A cross-site request forgery vulnerability exists in versions prior to PKP Web Application Library...

PKP Web Application Library Code Issue Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A code issue vulnerability exists in the PKP Web Application Library prior to version 3.3.0-16, whic...

PKP Web Application Library Cross-Site Scripting Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A cross-site scripting vulnerability exists in versions prior to PKP Web Application Library 3.3.0-1...

PKP Web Application Library Cross-Site Request Forgery Vulnerability

The PKP Web Application Library is a library shared by PKP's Open Journal System OJS, Open Conference System OCS, Open Monograph Press OMP, Open Preprint System OPS, and Open Harvester System OHS. A cross-site request forgery vulnerability exists in the PKP Web Application Library prior to versio...

Adobe Reader DC XFA Page prePrint Event Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Foxit Reader XFA Page prePrint Event Memory Error References Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of the Page prePrint event, which could allow the reuse of a pointer that has already been released in the hanging pointer. An attacker could execute arbitrary code in the...

Android new attack: Google Voice Search attack-vulnerability warning-the black bar safety net

Chinese University of Hong Kong researchers in the Preprint posted on the website of paper PDF, describes a novel permission to bypass attack method: Google Voice Search attack. An attacker can leverage a zero-permissions Android app VoicEmployer, front activationoperating system built-in voice...