5 matches found
EUVD-2025-25166
Malicious code in bioql PyPI...
Tucows (VDP): CSRF allowing unauthorized modification of user Notes on ███████
A CSRF vulnerability was discovered that allowed unauthorized modification of user notes. The vulnerability was present in the endpoint that handled saving the notes. The endpoint did not implement proper CSRF protection, allowing an attacker to craft a malicious link that could be used to modify...
CVE-2025-43739
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allow any authenticated user to modify the content of emails sent...
CVE-2025-43739
This CVE affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP releases 2025.Q1.0–2025.Q1.6, 2024.Q4.0–2024.Q4.7, 2024.Q3.1–2024.Q3.13, 2024.Q2.0–2024.Q2.13, 2024.Q1.1–2024.Q1.16, and 7.4 GA through update 92. The root cause is improper modification of emails generated by the calendar portlet, enablin...
CVE-2021-30480
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat...