org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:azure__msal-node (=1.5.0) +7 more potentially affected by CVE-2025-65945 via org.webjars.npm:jws (>=3.2.2 <=4.0.0)

org.webjars.npm:jws MAVEN version =3.2.2, =1.6.1, =2.3.2, =5.5.4, =0.0.1, =1.0.0 Source cves: CVE-2025-65945 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14188254...

EUVD-2014-3430

Malware in sbrugna...

EUVD-2014-3429

Malware in sbrugna...

org.webjars.npm:gip-recia__esco-content-menu (=0.3.4), org.webjars.npm:gip-recia__eyebrow-user-info (=0.6.2) +3 more potentially affected by CVE-2025-53892 via org.webjars.npm:vue-i18n (>=9.0.0-rc.9 <=9.14.3)

org.webjars.npm:vue-i18n MAVEN version =9.0.0-rc.9, =0.0.1, =1.12.0, =1.12.0, =1.40.2 Source cves: CVE-2025-53892 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-10771083...

CVE-2014-3417

uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet...

CVE-2014-3416

uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet...

Code injection

uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet...

Code injection

uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet...

CVE-2014-3416

CVE-2014-3416 affects uPortal prior to 4.0.13.1. The vulnerability arises from an improper check of MANAGE permissions, enabling remote authenticated users to manage arbitrary portlets by abusing the portlet-admin portlet’s SUBSCRIBE permission. The impact is the potential modification/management...

CVE-2014-3417

uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet...

CVE-2014-3417

CVE-2014-3417 affects uPortal before 4.0.13.1. The issue is an improper check of the CONFIG permission, allowing remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet. The description implies a fix in 4.0.13.1; no exploitation details or in-the-wild...

CVE-2014-3416

uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet...