17 matches found
EUVD-2023-23766
Malicious code in bioql PyPI...
CVE-2024-1577
Remote Code Execution vulnerability in MegaBIP software allows an unauthenticated attacker to execute arbitrary code on the server by saving attacker-crafted PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...
CVE-2024-50344
I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing JavaScript to be executed with the application context...
CVE-2024-50344 I, Librarian has a Stored XSS vulnerability in Supplemental Files
I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing JavaScript to be executed with the application context...
CVE-2024-50344
I, Librarian is affected by a vulnerability in its handling of Supplemental Files. Versions prior to 5.11.2 allow unsafe files containing JavaScript to execute within the application context due to broken MIME-type whitelisting. The issue can be triggered by uploading a malicious file and has bee...
CVE-2023-1522
SQL Injection in the Hardware Inventory report of Security Center 5.11.2...
PT-2023-17050 · Unknown · Securitycenter
Name of the Vulnerable Software and Affected Versions: Security Center version 5.11.2 Description: The issue is related to SQL Injection in the Hardware Inventory report. Recommendations: For Security Center version 5.11.2, update to a version that contains a fix for this issue...
CVE-2021-42776
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import...
WordPress Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Business Directory Plugin versions...
TIBCO Security Advisory: April 20, 2021 - TIBCO Administrator - Enterprise Edition -2021-28829
TIBCO Administrator CSV injection vulnerability Original release date: April 20, 2021 Last revised: CVE-2021-28829 Source: TIBCO Software Inc. Products Affected TIBCO Administrator - Enterprise Edition versions 5.10.2 and below TIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1...
TIBCO Security Advisory: April 20, 2021 - TIBCO Administrator - Enterprise Edition -2021-28827
TIBCO Administrator Stored Cross Site Scripting vulnerability Original release date: April 20, 2021 Last revised: CVE-2021-28827 Source: TIBCO Software Inc. Products Affected TIBCO Administrator - Enterprise Edition versions 5.10.2 and below TIBCO Administrator - Enterprise Edition versions 5.11.0...
WordPress Business Directory Plugin <= 5.11.1 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by 0xB9 in WordPress Business Directory Plugin versions <= 5.11.1. Solution: Update the WordPress Business Directory Plugin to the latest available version (at least 5.11.2)...
WordPress Business Directory Plugin <= 5.11.1 - Arbitrary Listing Export vulnerability
Arbitrary Listing Export vulnerability discovered by 0xB9 in WordPress Business Directory Plugin versions <= 5.11.1. Solution: Update the WordPress Business Directory Plugin to the latest available version (at least 5.11.2)...
Apache ActiveMQ upload/download function directory traversal vulnerability
Apache ActiveMQ is a popular messaging and integration model provider. A directory traversal vulnerability in the upload/download function for blob messages in the fileserver in Apache ActiveMQ for Windows versions prior to 5.11.2 can be exploited by an attacker to create JSP files in an arbitra...