12 matches found
EUVD-2022-4333
Malicious code in bioql PyPI...
EUVD-2022-27222
Malicious code in bioql PyPI...
CVE-2025-32371
CVE-2025-32371 affects DNN Platform (DotNetNuke) via the ImageHandler, where a URL crafted with a querystring parameter can render text in the resulting image. This could mislead users who trust the domain. The issue is fixed in DNN 9.13.4; apply the 9.13.4 upgrade (or follow vendor guidance) to ...
BIT-GOLANG-2024-24785 Errors returned from JSON marshaling may break template escaping in html/template
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...
Design/Logic Flaw
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...
CVE-2024-24785 Errors returned from JSON marshaling may break template escaping in html/template
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...
CVE-2023-29403
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...
CVE-2023-29403
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...
CVE-2022-22068
kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2022-22068
CVE-2022-22068 affects Qualcomm/ Snapdragon kernel components. The issue arises when a kernel event contains content not generated by NPU software during asynchronous execution, potentially enabling local escalation of privileges with high impact (confidentiality, integrity, and availability all ...
CVE-2015-7881
The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment...
CVE-2015-7881
The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment...