14 matches found

CVE
added 2025/12/19 9:5 p.m. | 7 views

CVE-2023-53947

OCS Inventory NG 2.3.0.0 is affected by an unquoted service path vulnerability that enables local privilege escalation. An attacker can place a malicious executable in the unquoted service path and trigger a restart to execute code with SYSTEM privileges. Multiple connected sources corroborate th...

CVSS 8.5 | AI score 7 | EPSS 0.00015
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/19 12:0 a.m. | 2 views

PT-2025-52518

Name of the Vulnerable Software and Affected Versions: OCS Inventory NG version 2.3.0.0. Description: The software contains an unquoted service path vulnerability. This allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service...

CVSS 8.5 | AI score 7.1 | EPSS 0.00015
Exploits: 0 | References: 6
CNNVD
added 2025/12/19 12:0 a.m. | 2 views

OCS Inventory NG Code Issue Vulnerability

OCS Inventory NG is an open source IT asset management solution. A code issue vulnerability exists in OCS Inventory NG version 2.3.0.0, which stems from unquoted service paths and could lead to elevation of privilege...

CVSS 8.5 | AI score 6.9 | EPSS 0.00015
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-1678

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.3 | EPSS 0.00637
Exploits: 2 | References: 11
Github Security Blog
added 2022/05/24 5:36 p.m. | 15 views

QuantConnect Lean vulnerable to insecure deserialization

QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of the TypeNameHandling property in the Json.NET library. One may avoid this issue by only running Lean in an environment where data provided is trusted...

CVSS 9.8 | AI score 6.8 | EPSS 0.00326
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2022/04/27 9:15 p.m. | 17 views

CVE-2022-24891

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...

CVSS 6.1 | EPSS 0.01032
Exploits: 1 | References: 6
OSV
added 2022/04/27 9:15 p.m. | 0 views

UBUNTU-CVE-2022-24891

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...

CVSS 6.1 | AI score 7 | EPSS 0.01032
Exploits: 1 | References: 6
OSV
added 2022/04/27 9:9 p.m. | 80 views

GHSA-8M5H-HRQM-PXM2 Path traversal in the OWASP Enterprise Security API

Impact: The default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire...

CVSS 7.5 | AI score 7.1 | EPSS 0.00637
Exploits: 2 | References: 10
Prion
added 2022/04/25 8:15 p.m. | 23 views

Design/Logic Flaw

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 7.5 | AI score 7.7 | EPSS 0.00637
Exploits: 2 | References: 5 | Affected Software: 2
OSV
added 2022/04/25 12:0 a.m. | 25 views

CVE-2022-23457 Path Traversal in ESAPI

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...

CVSS 7.5 | AI score 7.1 | EPSS 0.00637
Exploits: 2 | References: 8
CNVD
added 2020/12/18 12:0 a.m. | 2 views

QuantConnect Lean Code Issue Vulnerability

QuantConnect Lean is a cross-platform algorithmic trading engine for strategy research, backtesting and real-time trading based on the C language from QuantConnect. A security vulnerability exists in QuantConnect Lean versions 2.3.0.0 through 2.4.0.1, which stems from a failure to securely...

CVSS 9.8 | AI score 6.9 | EPSS 0.00326
Exploits: 1 | References: 1
CNNVD
added 2020/12/14 12:0 a.m. | 4 views

QuantConnect Lean versions from Code Issue Vulnerability

QuantConnect Lean is a cross-platform algorithmic trading engine for strategy research, backtesting and real-time trading based on the C language from QuantConnect. A security vulnerability exists in QuantConnect Lean versions 2.3.0.0 through 2.4.0.1, which stems from a failure to securely...

CVSS 9.8 | AI score 7.3 | EPSS 0.00326
Exploits: 1 | References: 2
NVD
added 2017/08/31 8:29 p.m. | 10 views

CVE-2016-10509

SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courierid) parameter to openbay.php...

CVSS 7.2 | AI score 7.3 | EPSS 0.00506
Exploits: 1 | References: 2
OSV
added 2017/04/24 7:59 p.m. | 1 views

CVE-2017-3537

Vulnerability in the Oracle Real-Time Scheduler component of Oracle Utilities Applications (subcomponent: Mobile Communications Platform). Supported versions that are affected are 2.2.0.3.13, 2.3.0.0 and 2.3.0.1. Easily "exploitable" vulnerability allows unauthenticated attacker with network access...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 2