107 matches found
Astra Linux - vulnerability in apache2
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match(), especially when an extremely large input buffer is used. Although no code distributed with the server can be forced to make such a call, third-party modules or Lua scripts that us...
EUVD-2023-50087
Malicious code in bioql PyPI...
EUVD-2025-0124
Malicious code in bioql PyPI...
EUVD-2022-33057
Malicious code in bioql PyPI...
DRUPAL-CONTRIB-2025-023
This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. The module does not sufficiently ensure that known login routes are not overridden by third-party modules which can allow an access bypass to occur. This vulnerabili...
Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023
This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. The module does not sufficiently ensure that known login routes are not overridden by third-party modules which can allow an access bypass to occur. This vulnerabili...
Cross-site Scripting (XSS)
ps_contactinfo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of formatted addresses, which allows stored script execution when combined with third-party modules...
GHSA-35PQ-7PV2-2RFW ps_contactinfo has a potential XSS due to usage of the nofilter tag in template
Impact: This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are concerned. For example, if your shop has a third-party module vulnerable to SQL injections, then ps_contactinfo might execute a stored XSS in FO. Patches: The long term fix is to...
ps_contactinfo has a potential XSS due to usage of the nofilter tag in template
Impact: This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are concerned. For example, if your shop has a third-party module vulnerable to SQL injections, then ps_contactinfo might execute a stored XSS in FO. Patches: The long term fix is to...
CVE-2025-24027 ps_contactinfo has potential XSS due to usage of the nofilter tag in template
ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are concerned. For example...
CVE-2025-24027
CVE-2025-24027 concerns the PrestaShop module ps_contactinfo. The vulnerability is a cross-site scripting (XSS) flaw affecting versions up to and including 3.3.2, arising when formatted addresses stored in the database are displayed. Exploitation is described as possible only in shops already vu...
CVE-2025-24027 ps_contactinfo has potential XSS due to usage of the nofilter tag in template
ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are concerned. For example...
BIT-APACHE-2022-28615 Read beyond bounds in ap_strcmp_match()
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or Lua scripts that use...
CVE-2023-45798
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution...
CVE-2023-45798
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution...
Input validation
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution...
CVE-2023-45798
Affected product: Yettiesoft VestCert, versions 2.36–2.5.29. Root cause: improper validation of third-party modules allows loading arbitrary third-party modules, enabling remote code execution. Impact: remote code execution with high risk (CVE-2023-45798). The CVE notes indicate vulnerability is ...
Yettiesoft VestCert Security Vulnerability
Yettiesoft VestCert is an application from Yettiesoft, Inc. A security vulnerability exists in Yettiesoft VestCert versions 2.36 through 2.5.29 that stems from improper validation of third-party modules, which allows malicious actors to load arbitrary third-party modules that can lead to remote...
PT-2023-29692 · Yettiesoft · Vestcert
Name of the Vulnerable Software and Affected Versions: Yettiesoft VestCert versions 2.36 to 2.5.29 Description: A vulnerability exists in Yettiesoft VestCert due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote co...
Enabled modules, after being activated, cannot subsequently be disabled
Lines of code. Vulnerability details. Impact: Modules are third-party accounts and they have some level of access to the GnosisSafe depending on configuration by the account owner. Therefore, they are created and assigned by account owners and they can execute transactions independently but they...