CVE-2026-34874
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...
Craft CMS security vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. Versions 4.0.0-RC1 to 4.17.5 and 5.0.0-RC1 to 5.9.11 of Craft CMS are affected by remote code execution vulnerabilities caused by behavior injection in the...
CVE-2025-64460
An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
CVE-2025-11966
In Eclipse Vert.x versions 4.0.0 through 4.5.21 and 5.0.0 through 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...
EUVD-2020-18471
Malware in sbrugna...
EUVD-2014-2203
Malware in sbrugna...
EUVD-2014-3805
Malware in sbrugna...
EUVD-2024-3090
Malicious code in bioql PyPI...
EUVD-2024-35559
Malicious code in bioql PyPI...
CVE-2025-57811
Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in...
CVE-2020-6937
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion...
CVE-2012-1064
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Apache Felix Webconsole cross-site scripting vulnerability
Apache Felix Webconsole is a simple tool from the Apache Foundation (USA) for inspecting and managing OSGi framework instances using a web browser. A cross-site scripting vulnerability exists in Apache Felix Webconsole versions 4.x through 4.9.8 and 5.x through 5.0.8, which stems from incorrect...
Joomla! 5.x < 5.2.3 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.20, 4.x prior to 4.4.10 or 5.x prior to 5.2.3. It is, therefore, affected by multiple vulnerabilities. - Various module chromes didn't properly process inputs, leading to XSS...
EulerOS 2.0 SP12 : libtiff (EulerOS-SA-2024-2353)
According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw...
PT-2024-31564 · Overleaf · Overleaf Server Pro +1
Name of the Vulnerable Software and Affected Versions: Overleaf Community Edition and Server Pro versions prior to 5.0.7; Overleaf Community Edition and Server Pro versions 4.x prior to 4.2.7. Description: Overleaf is a web-based collaborative LaTeX editor. The issue allows an arbitrary language...
CentOS SEoL (4.x)
According to its version, CentOS is 4.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
GHSA-2XP3-57P7-QF4V xml-crypto vulnerable to XML signature verification bypass due to improper verification of signature (signature spoofing)
Summary Default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/sec-CoreValidation. As such, without additional validation steps, the default configuration allows a...
Silverstripe Framework Security Vulnerability
Silverstripe Framework is a set of CMS website frameworks. A security vulnerability exists in Silverstripe Framework versions 4.x prior to 4.13.39 and 5.x prior to 5.1.11, which stems from a user being able to access record headers that they are not authorized to view...
Privilege escalation
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensu...