91 matches found
EUVD-2022-4688
Malicious code in bioql PyPI...
EUVD-2025-21448
Malicious code in bioql PyPI...
EUVD-2022-41607
Malicious code in bioql PyPI...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to protected content elements rendered as fragments being indexed in the front-end search, which allows an attacker to access sensitive content publicly...
PT-2025-31829
Name of the Vulnerable Software and Affected Versions poppler version 25.04.0 Description The heap memory containing PDF stream objects is not cleared upon program exit, potentially allowing attackers to obtain sensitive PDF content via a memory dump. Recommendations At the moment, there is no...
CVE-2025-53622
DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...
CVE-2025-53622 DSpace has path traversal vulnerability in Simple Archive Format (SAF) package import via contents file
DSpace open source software is a repository application which provides durable access to digital resources. Prior to versions 7.6.4, 8.2, and 9.1, a path traversal vulnerability is possible during the import of an archive in Simple Archive Format, either from command-line ./dspace import command ...
CVE-2025-53621
CVE-2025-53621 : DSpace prior to 7.6.4, 8.2, and 9.1 is vulnerable to XML External Entity (XXE) injection during archive imports (SAF) or when handling XML from upstream services. The issue arises because external entities are not disabled during XML parsing, enabling a trusted administrator to t...
PT-2025-29566 · Dspace · Dspace
Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 7.6.4 DSpace versions prior to 8.2 DSpace versions prior to 9.1 Description: DSpace is a repository application that provides durable access to digital resources. Two related XML External Entity XXE injection...
PT-2025-29569 · Dspace · Dspace
Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 7.6.4 DSpace versions prior to 8.2 DSpace versions prior to 9.1 Description: DSpace is a repository application providing access to digital resources. A path traversal issue exists during the import of an archive in...
GHSA-V8FR-VXMW-6MF6 Mattermost Incorrect Authorization vulnerability
Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin...
CVE-2025-46702
CVE-2025-46702 affects Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x
PT-2025-26940 · Unknown · Iroha Board
Name of the Vulnerable Software and Affected Versions: iroha Board versions 0.10.12 and earlier Description: The issue is related to a direct request problem, also known as forced browsing or navegación forzada, which could allow an attacker who has logged in to the affected product to access...
CVE-2024-8771
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'previewemailtemplatedesign' function in all versions up to, and including,...
CVE-2022-2943
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...
CVE-2013-4698
Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox...
CVE-2009-3568
Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed...
5 Major Concerns With Employees Using The Browser
As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware's recent State of Browser Security report...
D-Link DIR-823G 安全漏洞
The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from an authorization issue vulnerability that stems from improper authorization and can be exploited by an attacker to cause access control to sensitive content...
Android happy to check your nudes before you forward them
Sometimes the updates we install to keep our devices safe do a little bit more than we might suspect at first glance. Take the October 2024 Android Security Bulletin. It included a new service called Android System SafetyCore. If you can find a mention of that in the security bulletin, you’re a...