1115 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-41408

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00326
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-12096

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.01146
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 13 views

EUVD-2022-15965

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.02609
Exploits: 4 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-3219

Malicious code in bioql PyPI...

CVSS 7.4 | AI score 6.9 | EPSS 0.02757
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-28235

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.00764
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-1199

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.02085
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-5183

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.01687
Exploits: 0 | References: 13

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-7366

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.1 | EPSS 0.14663
Exploits: 2 | References: 23

OSV
added 2025/09/30 12:30 a.m. | 5 views

GHSA-2HM7-R8F3-423H Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

CVSS 6.9 | AI score 7.2 | EPSS 0.00454
Exploits: 0 | References: 7

NVD
added 2025/09/29 11:15 p.m. | 20 views

CVE-2025-43813

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older...

CVSS 8.2 | EPSS 0.00454
Exploits: 0 | References: 1

CVE
added 2025/09/29 10:19 p.m. | 12 views

CVE-2025-43813

Summary (CVE-2025-43813): Liferay Portal (ComboServlet) is vulnerable to path traversal in affected versions (Portal 7.4.0–7.4.3.107, older unsupported; Liferay DXP 2023.Q3/Q4 series; related 7.4/7.3 GA updates). The flaw allows remote attackers to access arbitrary CSS/JS files and load them rep...

CVSS 8.2 | AI score 6.8 | EPSS 0.00454
Exploits: 0 | References: 1 | Affected Software: 2

Positive Technologies
added 2025/09/10 12:0 a.m. | 3 views

PT-2025-49182

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.66. Description: An issue exists in Apache HTTP Server on Windows when AllowEncodedSlashes is enabled and MergeSlashes is disabled. This can allow for Server-Side Request Forgery (SSRF), potentially leading...

CVSS 7.8 | AI score 6.6 | EPSS 0.00771
Exploits: 0 | References: 29

Microsoft CVE
added 2025/09/03 10:31 p.m. | 3 views

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).

...

CVSS 7.5 | AI score 7 | EPSS 0.14663
Exploits: 2

Tenable Nessus
added 2025/08/19 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2022-3100

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. CVE-2022-3100 Note th...

CVSS 5.9 | AI score 6.1 | EPSS 0.00433
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-1999022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method,...

CVSS 9.8 | AI score 8.6 | EPSS 0.02209
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-24999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto...

CVSS 7.5 | AI score 7.4 | EPSS 0.14663
Exploits: 2 | References: 2

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 4 views

Malicious code in hash-query-string-assert-catch (npm)

The package hash-query-string-assert-catch was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 2 views

MAL-2025-22252 Malicious code in hash-query-string-assert-catch (npm)

The package hash-query-string-assert-catch was found to contain malicious code...

AI score 7.2
Exploits: 0

Packet Storm
added 2025/08/12 12:0 a.m. | 84 views

📄 VMware vSphere Client 8.0.3.0 Cross Site Scripting

VMware vSphere Client version 8.0.3.0 suffers from a cross site scripting vulnerability. VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec...

CVSS 4.3 | AI score 6.6 | EPSS 0.00748
Exploits: 2

CNVD
added 2025/08/11 12:0 a.m. | 3 views

Foxit Reader Plugin Buffer Overflow Vulnerability

Foxit Reader Plugin is a U.S. Foxit company's PDF reading plug-ins. A buffer overflow vulnerability exists in Foxit Reader Plugin version 2.2.1.530, which stems from incorrect handling of URL query strings and can be exploited by an attacker to cause a buffer overflow and arbitrary code execution...

CVSS 9.4 | AI score 7.9 | EPSS 0.00924
Exploits: 0 | References: 1