66 matches found
PYSEC-2026-1309 Docassemble unauthorized access through URL manipulation
Impact The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. Patches The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched...
CVE-2026-10233
Assimp contains a local out-of-bounds read in HL1MDLLoader::read_sequence_infos (HL1MDLLoader.cpp) of the Half-Life 1 MDL Loader. The bug is triggered by manipulating the aiString and affects Assimp up to 6.0.4. A local attacker could exploit this; a public exploit is disclosed in sources. No rem...
MAL-2026-3827 Malicious code in string-manipulation-typescript (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bed3d44d42fd732fc0b3ec3b59c8c75fea479f97b78de4982c5b75bafd9af25 The package string-manipulation-typescript was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview string-manipulation-typescript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
Malicious code in string-manipulation-typescript (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bed3d44d42fd732fc0b3ec3b59c8c75fea479f97b78de4982c5b75bafd9af25 The package string-manipulation-typescript was found to contain malicious code. Source: ghsa-malware...
[SECURITY] Fedora 44 Update: kf6-kcodecs-6.25.0-1.fc44
KDE Frameworks 6 Tier 1 addon with string manipulation methods...
CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
Improper Validation of Unsafe Equivalence in Input
Overview alt-design/alt-redirect is an Alt Redirect addon, add Redirects to your site Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via handling of query string parameters when the "Query String Strip" feature is enabled. An attacker can...
EUVD-2008-1374
Malware in sbrugna...
EUVD-2007-0915
Malware in sbrugna...
EUVD-2015-4554
Malware in sbrugna...
EUVD-2017-17863
Malware in sbrugna...
EUVD-1999-0146
Malware in sbrugna...
CVE-2025-48388
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing special symbols \r, \n,...
CVE-2025-30348
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data...
CVE-2025-30348
CVE-2025-30348 affects Qt’s QDom encodeText before 6.8.0, where a complex XML string copy/inline replacement can cause performance degradation. Several advisories (e.g., SUSE) reference this vulnerability with fixes in Qt6.8.x or later; remediation is to update Qt to a patched release. If applyin...
CVE-2025-30348
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data...
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition
Summary Authenticated users can craft a filter string used to cause a SQL injection. Details Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer. This code does not look to sanitize inputs:...