6 matches found
EUVD-1999-0991
Malware in sbrugna...
CVE-2018-20524
The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP)...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10976
Summary: IBM Sterling Connect:Direct Web Service uses PostgreSQL. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. Vulnerability Details: CVEID: CVE-2024-10976. DESCRIPTION: Incomplete tracking in PostgreSQL of...
Unauthorized Method Execution
twig/twig is vulnerable to unauthorized method execution. The vulnerability is due to improper enforcement of security policies in Twig's sandbox environment, which allows the toString method to be called on objects when they are part of arrays or argument lists, even if the method is disallowed ...
Information disclosure
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the toString method on an object even if not allowed by the security policy in place...
CVE-2016-4394
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue...