20 matches found
CVE-2022-23945
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2025-23945
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Webliup Popliup popliup allows PHP Local File Inclusion. This issue affects Popliup: from n/a through <= 1.1.1...
CVE-2025-23945 WordPress Popliup Plugin <= 1.1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Webliup Popliup popliup allows PHP Local File Inclusion. This issue affects Popliup: from n/a through <= 1.1.1...
CVE-2025-23945 WordPress Popliup Plugin <= 1.1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Webliup Popliup popliup allows PHP Local File Inclusion. This issue affects Popliup: from n/a through <= 1.1.1...
CVE-2025-23945
CVE-2025-23945 affects the WordPress Popliup plugin up to version 1.1.1. The issue is an improper control of filename for include/require in a PHP program, enabling local file inclusion (LFI) through PHP Remote File Inclusion mechanics. The vulnerability stems from the plugin’s handling of includ...
OESA-2025-1039 spark security update
Apache Spark achieves high performance for both batch and streaming data, using a state-of-the-art DAG scheduler, a query optimizer, and a physical execution engine. Security Fixes: Signing cookies is an application security feature that adds a digital signature to cookie data to verify its...
com.pingcap.tispark:spark-wrapper-spark-2.4 (>=2.4.4-scala_2.12 <=2.4.4-scala_2.12-RC2), com.pingcap.tispark:spark-wrapper-spark-3.0 (>=2.5.0 <=2.5.3) +21 more potentially affected by CVE-2024-23945 via org.apache.spark:spark-hive-thriftserver_2.12 (>=2.4.8 <=3.3.1)
org.apache.spark:spark-hive-thriftserver_2.12 MAVEN version =2.4.8, =2.4.4-scala_2.12, =2.5.0, =3.0.1, =2.5.0, =3.0.1, =3.0.1, =3.1.0, =2.4.4-scala_2.12, =2.5.1, =3.0.1, =2.5.1, =3.0.1, =3.0.1, =3.1.0, =2.4.4-scala_2.12, =3.2.3 and more Source cves: CVE-2024-23945 Source advisory:...
co.elastic.release-test:dist (=9.0.4), co.elastic.release-test:elasticsearch-hadoop-hive (=9.0.4) +193 more potentially affected by CVE-2024-23945 via org.apache.hive:hive-service (>=1.2.0 <=4.0.0-beta-1)
org.apache.hive:hive-service MAVEN version =1.2.0, =5.0.0, =1.7.0, =3.0.0, =0.1.1, =2.0.1-preview, =2.0.0, =5.0.1 - com.hotels:mutant-swarm =1.1.0 - com.hotels:waggle-dance =4.0.0 - com.hotels:waggle-dance-boot =4.0.0 - com.hotels:waggle-dance-core =4.0.0 and more Source cves: CVE-2024-23945 Sour...
CVE-2024-23945
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...
CVE-2024-23945
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...
CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...
CVE-2024-23945
CVE-2024-23945 → CookieSigner exposes the correct cookie signature to end users when a signature mismatch occurs. Affected: Hive service component and Spark Hive-ThriftServer (versions tied to HIVE-9710 1.2.0 and SPARK-14987 2.0.0). Root cause: flawed CookieSigner logic allows exposure of the sig...
com.gitee.pulanos.pangu:pangu-gateway-spring-boot-starter (>=5.0.7 <=5.1.0), org.apache.shenyu:shenyu-admin (>=2.4.0 <=2.4.1) +108 more potentially affected by CVE-2022-23945 via org.apache.shenyu:shenyu-common (>=2.4.0 <=2.4.1)
org.apache.shenyu:shenyu-common MAVEN version =2.4.0, =5.0.7, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.1 and more Source cves: CVE-2022-23945 Source advisory: OSV:GHSA-7RJP-FGWJ-47RW...
CVE-2022-23945
creationtimestamp| type| source
---|---|---
2022-01-25 16:18:49+00:00| seen| https://t.me/cibsecurity/36215...
CVE-2022-23945
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23945 Apache ShenYu missing authentication allows gateway registration
Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
CVE-2022-23945
CVE-2022-23945 describes a missing authentication flaw in the ShenYu Admin interface when registering over HTTP, affecting Apache ShenYu versions 2.4.0 and 2.4.1. The connected sources consistently state the issue as an authentication gap without providing additional technical specifics within t...
CVE-2020-23945
Victor CMS V1.0 contains a SQL injection flaw in the cat_id parameter of category.php. The cat_id input is used in SQL queries, enabling an attacker to retrieve data from the database. Root cause: unsafe handling/concatenation of user input in category.php. Affected component: Victor CMS 1.0, cat...
CVE-2021-23945
This CVE entry is rejected/not used and does not represent an active vulnerability.
CVE-2021-23945
...