
22 matches found

CVE
added 2026/01/27 8:51 a.m. | 12 views

CVE-2026-24815

CVE-2026-24815 affects datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl). Multiple sources (NVD, Red Hat, CIRCL, OSV, CVE/CVELIST) describe an Unrestricted Upload of File with Dangerous Type and Deserialization of Untrusted Data in the tis plugin; the issue affects tis befo...

CVSS 10 | AI score 5.9 | EPSS 0.00096
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/27 8:51 a.m. | 3 views

CVE-2026-24815

Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules. This vulnerability is associated with program files XmlFile.Java. This issue affects tis: before v4.3.0...

CVSS 10 | AI score 5.9 | EPSS 0.00096
Exploits: 0 | References: 2

OpenVAS
added 2025/01/08 12:0 a.m. | 13 views

openSUSE Security Advisory (openSUSE-SU-2025:0008-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 6.6 | EPSS 0.00169
Exploits: 0 | References: 3

vulnersOsv
added 2024/02/07 5:30 p.m. | 4 views

@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +9 more potentially affected by CVE-2024-24815 via ckeditor4 (>=4.14.0 <=4.22.1)

ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2024-24815 Source advisory: OSV:GHSA-FQ6H-4G8V-QQVM...

CVSS 6.1 | AI score 6.8 | EPSS 0.00169
Exploits: 0

Circl
added 2024/02/07 5:22 p.m. | 0 views

CVE-2024-24815

creationtimestamp | type | source
---|---|---
2024-02-07 17:22:07+00:00 | seen | https://t.me/ctinow/180840
2024-02-11 13:59:22+00:00 | seen | https://t.me/arpsyndicate/3397...

CVSS 6.1 | AI score 6.9 | EPSS 0.00169
Exploits: 0 | References: 2

Vulnrichment
added 2024/02/07 3:14 p.m. | 61 views

CVE-2024-24815 CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

CVSS 6.1 | AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 6

RedHat Linux
added 2023/12/06 10:7 p.m. | 37 views

Moderate: Red Hat Security Advisory: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images

New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available. New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Users of the Red Hat build of Cryostat 2.3.1 on RHEL 8 container images are advised to...

CVSS 6.5 | AI score 6.6 | EPSS 0.00736
Exploits: 2 | References: 9

OpenVAS
added 2023/11/20 12:0 a.m. | 14 views

CKEditor < 4.24.0-lts Multiple XSS Vulnerabilities - Linux

CKEditor 4 is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.1 | AI score 6.9 | EPSS 0.3983
Exploits: 1 | References: 3

OpenVAS
added 2023/11/20 12:0 a.m. | 18 views

CKEditor < 4.24.0-lts Multiple XSS Vulnerabilities - Windows

CKEditor 4 is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.1 | AI score 6.9 | EPSS 0.3983
Exploits: 1 | References: 3

IBM Security Bulletins
added 2023/09/06 5:51 p.m. | 41 views

Security Bulletin: Eclipse Vert.x-Web component is vulnerable to CVE-2023-24815 is used by IBM Maximo Application Suite

Summary: IBM Maximo Application Suite uses Eclipse Vert.x-Web package which is vulnerable to CVE-2023-24815. Vulnerability Details: CVEID: CVE-2023-24815. DESCRIPTION: Eclipse Vert.x-Web could allow a remote attacker to obtain sensitive information, caused by a flaw when mounted on a wildcard route. ...

CVSS 5.3 | AI score 5 | EPSS 0.00354
Exploits: 1 | Affected Software: 1

RedHat Linux
added 2023/06/21 2:32 p.m. | 52 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release security update

Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.5 | AI score 6.7 | EPSS 0.0069
Exploits: 1 | References: 4

vulnersOsv
added 2023/02/10 3:27 a.m. | 1 views

ai.timefold.solver:timefold-solver-quarkus-benchmark-deployment (>=0.8.38 <=0.9.38), ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.8.38 <=0.9.38) +2914 more potentially affected by CVE-2023-24815 via io.vertx:vertx-web (>=4.0.0 <=4.3.7)

io.vertx:vertx-web MAVEN version =4.0.0, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.4 and more Source cves: CVE-2023-24815 Source advisory: OSV:GHSA-53JX-VVF9-4X38 https://vulners.com/osv/OSV...

CVSS 5.3 | AI score 6.1 | EPSS 0.00354
Exploits: 1

Circl
added 2023/02/10 3:27 a.m. | 2 views

CVE-2023-24815

creationtimestamp | type | source
---|---|---
2023-02-10 03:27:58+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-53jx-vvf9-4x38...

CVSS 5.3 | AI score 6.1 | EPSS 0.00354
Exploits: 1 | References: 1

Vulnrichment
added 2023/02/09 5:36 p.m. | 6 views

CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web

Vert.x-Web is a set of building blocks for building web applications in the Java programming language. When running Vert.x-Web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...

CVSS 4.8 | AI score 5.4 | EPSS 0.00354
Exploits: 1 | References: 3

CVE
added 2023/02/09 5:36 p.m. | 119 views

CVE-2023-24815

CVE-2023-24815 affects Eclipse Vert.x-Web, specifically the StaticHandler behavior when serving files on Windows with a wildcard mount point. The vulnerability arises in Utils.java when computing the relative path to a resource: for wildcards it returns the user input (e.g., rest) as the path seg...

CVSS 5.3 | AI score 5.3 | EPSS 0.00354
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2022/04/11 8:15 p.m. | 7 views

CVE-2022-24815

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...

CVSS 8.1 | EPSS 0.00439
Exploits: 1 | References: 3

Cvelist
added 2022/04/11 7:25 p.m. | 10 views

CVE-2022-24815 SQL Injection when creating an application with Reactive SQL backend

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications...

CVSS 8.1 | AI score 8.8 | EPSS 0.00439
Exploits: 1 | References: 3

vulnersOsv
added 2022/04/07 3:18 p.m. | 2 views

generator-jhipster-agilekip (>=0.0.11 <=0.0.12), generator-jhipster-composite-key-server (=7.0.0) +21 more potentially affected by CVE-2022-24815 via generator-jhipster (>=7.0.0 <=7.8.0)

generator-jhipster NPM version =7.0.0, =0.0.11, =0.1.0, =0.0.0, =0.0.0, =3.0.0, =1.0.0, =1.12.0, =1.0.0, =4.0.0, =2.0.0, =2.0.0-beta.1 and more Source cves: CVE-2022-24815 Source advisory: OSV:GHSA-QJMQ-8HJR-QCV6...

CVSS 8.1 | AI score 7.2 | EPSS 0.00439
Exploits: 1

CVE
added 2021/11/17 10:15 a.m. | 48 views

CVE-2021-24815

The CVE-2021-24815 entry concerns the WordPress plugin “Accept Donations with PayPal” (pre-1.3.2). The vulnerability arises from insufficient escaping of the Amount Menu Name field when creating Buttons, enabling stored Cross-Site Scripting that could be exploited by a high-privilege user. No exp...

CVSS 4.8 | AI score 4.7 | EPSS 0.00206
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2021/11/17 10:15 a.m. | 15 views

CVE-2021-24815 Paypal Donation < 1.3.2 - Admin+ Stored Cross-Site Scripting

The Accept Donations with PayPal WordPress plugin before 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

AI score 5.1 | EPSS 0.00206
Exploits: 2 | References: 1