20 matches found
CVE-2025-10762
A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keysdepartment results in SQL injection. The attack can be executed remotely. The exploi...
CVE-2024-10762
creationtimestamp | type | source
---|---|---
2025-08-11 18:27:49+00:00 | seen | MISP/3e4b778d-5810-4171-a915-f1d106684af4...
CVE-2019-10762
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping...
CVE-2024-10762
In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This...
CVE-2024-10762
In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This...
CVE-2024-10762 Missing Authorization in lunary-ai/lunary
In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This...
CVE-2024-10762 Missing Authorization in lunary-ai/lunary
In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This...
CVE-2024-10762
CVE-2024-10762 affects lunary-ai/lunary prior to version 1.5.9. The /v1/evaluators/ endpoint does not enforce access control, permitting low-privilege users to issue DELETE requests that delete evaluator data, causing permanent data loss and potential operational disruption. Evidence from multipl...
CVE-2019-10762
creationtimestamp | type | source
---|---|---
2024-02-01 09:07:08+00:00 | seen | https://t.me/ctinow/177406...
RHEL 7 : OCS 3.11.z async (RHSA-2020:4143)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4143 advisory. Red Hat OpenShift Container Storage (OCS) is a provider of agnostic persistent storage for OpenShift Container Platform either in-house or in a...
CVE-2020-10762
CVE-2020-10762 affects gluster-block before 0.5.1, where CLI operation output is logged to a world-readable cmd_history.log, enabling local users to read passwords and sensitive data. Affected component: gluster-block; impact is information disclosure (confidentiality). Remediation: upgrade to glus...
CVE-2019-10762
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping...
CVE-2019-10762
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping...
CVE-2019-10762
The CVE-2019-10762 issue concerns the Medoo PHP database framework: the columnQuote function in Medoo before version 1.7.5 can allow remote SQL injection due to improper escaping. The vulnerability affects catfan/medoo and is documented with high/severe CVSS ratings in the NVD entry. The practica...
CVE-2019-10762
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping...
CVE-2016-10762
creationtimestamp | type | source
---|---|---
2019-07-18 16:28:55+00:00 | seen | https://t.me/cibsecurity/5593...
CVE-2016-10762
CVE-2016-10762 concerns the CampTix Event Ticketing WordPress plugin. The connected documents confirm that versions before 1.5 are vulnerable to CSV injection when using the export tool, arising from a CSV injection flaw in the plugin’s export functionality. The impact is described as CSV injecti...
CVE-2018-10762
...
CVE-2018-10762
CVE-2018-10762 is rejected/not used and does not represent an active vulnerability entry.
CVE-2017-10762
CVE-2017-10762 affects XnView Classic for Windows, version 2.40. The vulnerability arises from processing a crafted .rle file, where data from a faulting address controls branch selection starting at ntdll_77df0000!RtlpAllocateHeap+0x000000000000042f. This can lead to denial of service and potent...