27 matches found
RARLabs WinRAR XSS Vulnerability (Nov 2025) - Windows
WinRAR is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rarlab:winrar";...
EUVD-2019-15803
Malware in sbrugna...
EUVD-2018-17245
Malware in sbrugna...
EUVD-2021-9305
Malicious code in bioql PyPI...
KLA82387 ACE vulnerability in WinRAR
Arbitrary code execution vulnerability was found in WinRAR. Malicious users can exploit this vulnerability to execute arbitrary code, spoof user interface. Original advisories JVN59547048 WinRAR vulnerable to the symbolic link based “Mark of the Web” check bypass CVE-2025-31334 Related products...
SUSE CVE-2024-41817
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...
ImageMagick < 7.1.1-36 Arbitrary Code Execution
The remote Windows host has a version of ImageMagick installed that is prior to 7.1.1-36. It is, therefore, affected by an arbitrary code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
UBUNTU-CVE-2024-41817
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...
CVE-2024-41817 Arbitrary Code Execution in `AppImage` version `ImageMagick`
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...
CVE-2023-2905
Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not...
CVE-2023-2905 Cesanta Mongoose MQTT Message Parsing Heap Overflow
Due to a failure in validating the length of a provided MQTTCMDPUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not...
SAP Enterprise Portal 跨站脚本漏洞
SAP Enterprise Portal is an application from SAP, Germany. A comprehensive integration and application platform that facilitates the alignment of people, information and business processes across organizational and technological boundaries. A cross-site scripting vulnerability in SAP Enterprise...
SAP NetWeaver AS JAVA Information Disclosure (3023299)
SAP Netweaver Application Server Java versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allow an attacker to access restricted information by entering malicious server name via the UserAdmin application of the SAP NetWeaver application server. Note that Nessus has not tested for this issue but has...
CVE-2021-22158
The Proofpoint Insider Threat Management Server formerly ObserveIT Server is vulnerable to XML external entity XXE injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are...
SAP NetWeaver AS JAVA Reverse Tabnabbing (2976947)
SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. Note that Nessus has not tested for this issue but has instead...
SalesAgility SuiteCRM Input Validation Error Vulnerability
SalesAgility SuiteCRM is a suite of enterprise-grade open source customer relationship management CRM. An input validation error vulnerability exists in SalesAgility SuiteCRM versions 7.10.x prior to 7.10.23 and 7.11.x prior to 7.11.11. An attacker could exploit the vulnerability to bypass securi...
CVE-2020-8783
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection issue 1 of 4...
CVE-2019-14752
SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS...
CVE-2019-16922
SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files...
PT-2019-4567 · Sap · Sap Netweaver As For Abap/Abap Platform
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP Platform versions prior to 7.02 SAP NetWeaver AS ABAP Platform versions prior to 7.11 SAP NetWeaver AS ABAP Platform versions 7.30 SAP NetWeaver AS ABAP Platform versions 7.31 SAP NetWeaver AS ABAP Platform versions 7.40...