WSO2 API Manager 安全漏洞

The WSO2 API Manager is a set of API lifecycle management solutions provided by the American company WSO2. There is a security vulnerability present in the WSO2 API Manager publishers. This vulnerability stems from the component’s inability to disable external entity resolution when accepting XML...

Flow code issues and vulnerabilities

Flow is a free and open-source enterprise-level process application developed by FlowwJ, a Chinese developer. It combines technologies such as Flowable to create an integrated process engine solution. There are code issues and vulnerabilities in Flow; these vulnerabilities stem from incorrect...

CVE-2024-2874

An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources...

CVE-2025-15201

A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The...

CVE-2025-52196

Server-Side Request Forgery SSRF vulnerability in Ctera Portal 8.1.x 8.1.1417.24 allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe...

CVE-2025-61959

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This...

CVE-2025-47902 SQL Injection in web resource

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5...

CVE-2025-11712

The CVE-2025-11712 entry is supported by connected documents describing the same issue across Mozilla products. Affected software for this CVE includes Firefox and Thunderbird prior to version 144 (Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, Thunderbird

EUVD-2016-9351

Malware in sbrugna...

EUVD-2015-6259

Malware in sbrugna...

EUVD-2017-14324

Malware in sbrugna...

EUVD-2024-27818

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2015-1125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource...

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. CVE-2025-48988: Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656...

Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials

Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate...

SUSE-SU-2024:4106-1 Security update for tomcat

This update for tomcat fixes the following issues: - Update to Tomcat 9.0.97 Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt + Add:...

Cross Site Scripting (XSS)

labelstudio is vulnerable to Cross Site Scripting XSS. The vulnerability is due to not sanitizing/validating the HTML/JavaScript file that was downloaded from the import data feature from a remote web resource. An attacker can exploit this to download a HTML file that executes malicious JavaScrip...

PT-2023-29411 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the feedback parameter of the "feed.php" resource does not validate the characters received, sending...

Keycloak Reflected XSS

It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...