18 matches found
EUVD-2023-0313
Malicious code in bioql PyPI...
EUVD-2025-0136
Malicious code in bioql PyPI...
EUVD-2022-51715
Malicious code in bioql PyPI...
CVE-2022-43758
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for a user with the ability to add an untrusted Helm catalog or modify the URL configuration used to download KDM (only admin users by default). This issue...
Command injection
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for a user with the ability to add an untrusted Helm catalog or modify the URL configuration used to download KDM (only admin users by default). This issue...
CVE-2022-43758 Rancher: Command injection in Git package
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for a user with the ability to add an untrusted Helm catalog or modify the URL configuration used to download KDM (only admin users by default). This issue...
Subrion Cross-site Scripting (XSS)
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration...
GHSA-9738-C49Q-4RGC Subrion Cross-site Scripting (XSS)
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration...
GHSA-QXH5-5R5P-5GVF Cross-Site Request Forgery in Jenkins Blue Ocean Plugin
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier that allows attackers to bypass all cross-site request forgery protection in Blue Ocean API. The vulnerability is found in: - blueocean-core-js/src/js/bundleStartup.js - blueocean-core-js/src/js/fetch.ts -...
CVE-2021-23028
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4, when JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests m...
Cross-Site Request Forgery (CSRF) in e107inc/e107
Description: An attacker or malicious user is able to change the URL configuration if a logged-in user visits the attacker's website, because of the lack of a CSRF token. Proof of Concept: 1. When you are logged in, open this POC.html in a browser. 2. You can check that your search URL has unintentionally changed from /search.php...
Cross site scripting
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission...
Subrion cross-site scripting vulnerability (CNVD-2018-19084)
Subrion is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a variety of extensions, plug-ins and more. A cross-site scripting vulnerability exists in Subrion version 4.2.1, which can be exploited by remote attackers ...
Cross site scripting
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration...
CVE-2018-16327
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration...
CVE-2018-16327
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration...
CVE-2018-16327
CVE-2018-16327 concerns a stored XSS vulnerability in Subrion CMS 4.2.1 via the admin panel URL configuration. The description across sources confirms the flaw as stored XSS, but the documents do not provide exploitation steps, affected environments beyond the version, root-cause analysis, or an...
Design/Logic Flaw
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration...