17 matches found
EUVD-2022-2964
Malicious code in bioql PyPI...
CVE-2024-3180
Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 are vulnerable to Stored XSS in blocks of type file. Stored XSS could be caused by a rogue administrator adding malicious code to the link-text field when creating a block of type file. The Concrete CMS security team gave this...
CVE-2024-3179
Concrete CMS version 9 before 9.2.8 and previous versions before 8.5.16 are vulnerable to Stored XSS in the Custom Class page editing. Prior to the fix, a rogue administrator could insert malicious code in the custom class field due to insufficient validation of administrator provided data. The...
Concrete CMS security vulnerability
Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A security vulnerability exists in Concrete CMS that stems from the presence of a cross-site scripting (XSS) vulnerability. Affected products and versions: Concrete CMS version 9 before 9.2.8, versi...
Concrete CMS security vulnerability
Concrete CMS is a team-oriented open source content management system from Concrete CMS Open Source. A security vulnerability exists in Concrete CMS that stems from the presence of a stored cross-site scripting (XSS) vulnerability. The following versions are affected: version 9 before 9.2.8, versio...
BIT-GRAFANA-2022-39324 Grafana vulnerable to spoofing originalUrl of snapshots
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be...
Security Bulletin: Vulnerability in account lockout affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8964)
Summary: IBM License Metric Tool (ILMT) v9.x and IBM BigFix Inventory (BFI) v9.x allowed an attacker to conduct brute-force dictionary attacks to bypass authentication due to a missing account lockout mechanism. The issue has been fixed in version 9.2.8. Vulnerability Details: CVEID: CVE-2016-8964...
Publify code injection vulnerability
Publify is a simple but full-featured web publishing software. A code injection vulnerability exists in versions of Publify prior to 9.2.8, which stems from the existence of a code injection vulnerability, for which no detailed vulnerability details are currently available...
Information Exposure
Overview: publifycore is a core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Information Exposure. When a request is made to a password-protected article, the UI shows it requires a password to view content, but the content of...
Improper Access Control
Overview: publifycore is a core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Improper Access Control where it is possible for anonymous users to leave comments on an article in draft mode. Remediation: Upgrade publifycore to...
Incorrect Authorization in publify
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode...
CVE-2022-0578
Code Injection in GitHub repository publify/publify prior to 9.2.8...
CVE-2022-0578
Code Injection in GitHub repository publify/publify prior to 9.2.8...
Improper access control
Improper Access Control in GitHub repository publify/publify prior to 9.2.8...
PT-2022-13953 · Publify · Publify
Name of the Vulnerable Software and Affected Versions: publify versions prior to 9.2.8 Description: The issue is related to improper access control in the GitHub repository, allowing attackers to view the contents of password-protected articles on the publify website. This compromises the...
McAfee Web Gateway security vulnerability
McAfee Web Gateway is a high-performance secure Web gateway with best-in-class threat protection in a unified appliance software architecture. An elevation of privilege vulnerability exists in McAfee Web Gateway (MWG) versions prior to 9.2.8. The vulnerability stems from improper neutralization of...
IBM Tivoli Endpoint Manager 'beswrpt' Cross Site Scripting Vulnerability
IBM Tivoli Endpoint Manager is prone to a cross-site scripting (XSS) vulnerability.