61 matches found
EUVD-2018-10376
Malware in sbrugna...
EUVD-2011-5057
Malware in sbrugna...
EUVD-2022-37078
Malicious code in bioql PyPI...
EUVD-2025-8838
Malicious code in bioql PyPI...
CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database
Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...
CVE-2021-25071
The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2025-3600
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service...
PT-2025-21164
Name of the Vulnerable Software and Affected Versions Progress Telerik UI for AJAX versions 2011.2.712 through 2025.1.218 Description An unsafe reflection issue exists in Progress Telerik UI for AJAX. This flaw can lead to an unhandled exception, potentially causing a crash of the hosting process...
CVE-2025-2794
An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180...
CVE-2025-2794
CVE-2025-2794 describes an unsafe reflection vulnerability in Kentico Xperience (affecting Xperience up to and including version 13.0.180). An unauthenticated attacker can trigger the vulnerability to terminate the current process, resulting in a Denial-of-Service condition. The issue is rooted i...
CVE-2022-47153
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a through 1.9.1...
CVE-2024-0200
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
CVE-2024-0200
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
Design/Logic Flaw
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
CVE-2024-0200 Unsafe Reflection in Github Enterprise Server leading to Command Injection
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
CVE-2024-0200
CVE-2024-0200 (GitHub Enterprise Server) is an unsafe reflection vulnerability that can enable remote code execution. Authenticated attackers with an organization owner role can exploit it to run user-controlled methods, compromising the GHES instance. Affected versions are all prior to 3.12; fix...
PT-2023-8397 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.8.13 GitHub Enterprise Server versions prior to 3.9.8 GitHub Enterprise Server versions prior to 3.10.5 GitHub Enterprise Server versions prior to 3.11.3 GitHub Enterprise Server versions prior to...
CVE-2023-32217 SailPoint IdentityIQ Unsafe use of Reflection Vulnerability
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments...
Mozilla: Directory indexes for bundled resources reflected URL parameters
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when visiting directory listings for chrome:// URLs as source text, some parameters were reflected...
Rails Unsafe Reflection
Ruby On Rails is a popular framework used to build web applications based on the Model-View-Controller MVC architectural pattern. Ruby On Rails provides a method called constantize which allows developers to dynamically find a constant by using a string. The most common usage of this method is to...