20 matches found
EUVD-2024-0934
Malicious code in bioql PyPI...
CVE-2021-36601
GetSimpleCMS 3.3.16 contains a cross-site Scripting XSS vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter...
Malicious code in tsl-select-trigger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 072755e39bd14b6660b02fdc071fceedf4d4cf76f4f27561b12b19a8fa70f135 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2427 Malicious code in tsl-select-trigger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 072755e39bd14b6660b02fdc071fceedf4d4cf76f4f27561b12b19a8fa70f135 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2426 Malicious code in tsl-card-body (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3b827feadef7c2656600460243604631e02bc0a0b8ade3e8f317a7a5964ffd7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tsl-card-body (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3b827feadef7c2656600460243604631e02bc0a0b8ade3e8f317a7a5964ffd7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-29887
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all non-web HTTP clients in the serverpod_client package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device...
Serverpod client accepts any certificate
This bug bypassed the validation of TSL certificates on all non-web HTTP clients in the serverpod_client package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic an...
GHSA-H6X7-R5RG-X5FW Serverpod client accepts any certificate
This bug bypassed the validation of TSL certificates on all non-web HTTP clients in the serverpod_client package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic an...
CVE-2024-29887
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all non-web HTTP clients in the serverpod_client package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device...
CVE-2024-29887
CVE-2024-29887 affects the Serverpod client component of Serverpod (serverpod_client), where TLS certificate validation is bypassed in non-web HTTP clients. The root cause is improper certificate validation, enabling potential man-in-the-middle attacks on encrypted traffic between client devices ...
CVE-2024-29887 Serverpod client accepts any certificate
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all non-web HTTP clients in the serverpod_client package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device...
CVE-2024-29887 Serverpod client accepts any certificate
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all non-web HTTP clients in the serverpod_client package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device...
CVE-2024-29887 Serverpod client accepts any certificate
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all non-web HTTP clients in the serverpod_client package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device...
CVE-2021-36601
GetSimpleCMS 3.3.16 contains a cross-site Scripting XSS vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter...
Cross site scripting
GetSimpleCMS 3.3.16 contains a cross-site Scripting XSS vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter...
CVE-2021-36601
CVE-2021-36601 affects GetSimpleCMS 3.3.16: an XSS vulnerability exists in the siteURL parameter of admin/settings.php, caused by inadequate filtering (described as Function TSL not filtering the check). Multiple sources (Red Hat, NVD/NVD-variant, OSV, OpenVAS, etc.) corroborate a cross-site scri...
Google Chrome to Label Sensitive HTTP Pages as "Not Secure"
Although over three months remaining, Google has planned a New Year gift for the Internet users, who're concerned about their privacy and security. Starting in January of 2017, the world's most popular web browser Chrome will begin labeling HTTP sites that transmit passwords or ask for credit car...
TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution
Oracle Java Web Start Command Argument Injection Remote Code Execution TSL ID: TSL20120214-01 1. Affected Software Oracle Java Development Kit JDK 6 Update 30 and prior Oracle Java Development Kit JDK 7 Update 2 and prior Oracle JavaFX 2.0.2 and prior Oracle Java Runtime Environment JRE 6 Update ...
GLSA-200910-02 : Pidgin: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200910-02 Pidgin: Multiple vulnerabilities Multiple vulnerabilities were found in Pidgin: Yuriy Kaminskiy reported that the OSCAR protocol implementation in Pidgin misinterprets the ICQWebMessage message type as the ICQSMS message...