10 matches found
Cross-site Scripting (XSS)
Overview: ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsanitized input in the Mail Settings configuration fields. An attacker can execute arbitrary JavaScript in the browser context of an...
Unsynchronized Access to Shared Data in a Multithreaded Context
Overview: Affected versions of this package are vulnerable to Unsynchronized Access to Shared Data in a Multithreaded Context during the LDAPS transfers. An attacker can impact the security of concurrent transfers by manipulating TLS settings in one thread, which may inadvertently alter the global...
EUVD-2022-26872
Malicious code in bioql PyPI...
CVE-2025-55118 BMC Control-M/Agent memory corruption in SSL/TLS communication
Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n"; Control-M/Agent 9.0.21 and 9.0.22: Agent router...
Alibaba Cloud Linux 3 : 0142: curl (ALINUX3-SA-2022:0142)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0142 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-22576: An improper authentication...
Rancher agents can be hijacked by taking over the Rancher Server URL
Impact: A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability...
Microsoft Security Update Validation Report October 2022
Microsoft’s October 2022 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwar...
USN-5344-1: DBD::mysql vulnerabilities
It was discovered that the DBD::mysql module, when configured with server-side prepared statement support, was susceptible to operations that would result in improper memory access. An attacker could possibly use this issue to cause DBD::mysql to crash, resulting in a denial of service...
"This page can't be displayed. Turn on TLS 1.0 TLS 1.1, and TLS 1.2. in Advanced Settings And Try Connecting Again" While Accessing StoreFront
Error: "This page can't be displayed. Turn on TLS 1.0 TLS 1.1, and TLS 1.2. in Advanced Settings And Try Connecting Again" While Accessing StoreFront...
openSUSE Security Update : apache2 (openSUSE-SU-2012:0248-1)
This update fixes several security issues in the Apache2 webserver. CVE-2011-3368, CVE-2011-4317: This update also includes several fixes for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives. CVE-2011-3607: Integer overflow in ap_pregsub function resulting in a heap based...