20 matches found
EUVD-2023-43505
Malicious code in bioql PyPI...
EUVD-2024-18828
Malicious code in bioql PyPI...
EUVD-2023-46774
Malicious code in bioql PyPI...
EUVD-2024-54788
Malicious code in bioql PyPI...
CVE-2024-9342
Affected software: Eclipse GlassFish 7.0.16 and earlier. The issue is unlimited failed login attempts, enabling brute-force login; impact per sources includes potential unauthorized access. CVSS metrics in the initial document show high impact confidentiality, integrity, availability with network...
CVE-2023-47667
Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free. This issue affects WP Full Stripe Free: from n/a through 7.0.16...
CVE-2023-42321
Cross-Site Request Forgery (CSRF) vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files...
CVE-2025-0755 MongoDB C Driver bson library may be susceptible to buffer overflow
The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This...
UBUNTU-CVE-2024-32492
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...
UBUNTU-CVE-2024-21108
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
UBUNTU-CVE-2024-21106
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
CVE-2024-21113
CVE-2024-21113 affects Oracle VM VirtualBox (Core) prior to 7.0.16. A local, low-privilege attacker with logon can compromise VirtualBox, with potential takeover and impact to related products. CVSS v3.1 base score 8.8 (HIGH). Remediation: apply patches to move to 7.0.16+ (vendor advisories, Mage...
PT-2024-4878 · Oracle · Virtualbox
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 7.0.16. Description: The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon access to the infrastructure to...
PT-2024-3304 · Oracle +1 · Virtualbox +1
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 7.0.16. Description: The issue is related to an error in the initialization of variables in the Core component of Oracle VM VirtualBox. This easily exploitable vulnerability allows a low-privileged attack...
CVE-2023-42322
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information...
PT-2023-28315 · Icmsdev · Icms
Name of the Vulnerable Software and Affected Versions: icmsdev iCMS version 7.0.16. Description: The issue allows a remote attacker to obtain sensitive information due to an Insecure Permissions vulnerability. Recommendations: For version 7.0.16, update to a version that fixes the Insecure...
iCMS Cross-Site Request Forgery Vulnerability (CNVD-2023-70069)
iCMS is a software application, an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in iCMS version 7.0.16, which stems from the component dosave not adequately verifying that a request comes from a trusted user. The...
iCMS Cross-Site Request Forgery Vulnerability
iCMS is a software application, an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in iCMS version 7.0.16, which stems from the component dosave not adequately verifying that a request comes from a trusted user. The...
CVE-2022-41496
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php...
CVE-2020-1774
When a user downloads PGP or S/MIME keys/certificates, the exported file has the same name for private and public keys. Therefore it's possible to mix them up and to send the private key to a third party instead of the public key. This issue affects OTRS Community Edition: 5.0.42 and prior versions, 6.0.27 and prio...