wasmtime security vulnerability
Wasmtime is a lightweight WebAssembly runtime open-sourced by the Bytecode Alliance. Versions 30.0.0 to 36.0.8, 43.0.2, and 44.0.1 of Wasmtime contain security vulnerabilities. These vulnerabilities stem from the allocation logic of WebAssembly tables, which involves arithmetic operations. Overflow...
Unverified Ownership
Overview: miraheze/ts-portal is a portal for handling and managing the investigation lifecycle for Trust and Safety at the WikiTide Foundation. Affected versions of this package are vulnerable to Unverified Ownership due to the evidence handling in DPAController::store within...
Nextcloud Server security vulnerability
Nextcloud Server is an open-source server program from Nextcloud. A security vulnerability exists in Nextcloud Server version 30.0.0, which stems from the presence of an insecure direct object reference in the /core/preview endpoint that could lead to unauthorized access to sensitive dat...
CVE-2025-64011
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. An authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter, enabling unauthorized disclosure of sensitive data (text, ...
EUVD-2021-25259
Malware in sbrugna...
CVE-2024-52521
Nextcloud Server is a self-hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments being falsely identified as already existing and not being queued for execution. By changing the hash to SHA256 t...
CVE-2024-45384
Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not usin...
Apache Druid input validation error vulnerability
Apache Druid is an open-source, column-oriented distributed database from the American Apache Foundation, written in Java. An input validation error vulnerability exists in Apache Druid version 30.0.0 and earlier. An attacker could exploit this vulnerability to read data from other database systems...
Apache Druid security vulnerability
Apache Druid is an open-source, column-oriented distributed database from the American Apache Foundation, written in the Java language. A security vulnerability exists in Apache Druid versions 0.18.0 through 30.0.0. An attacker exploiting this vulnerability could manipulate pac4j session cookies...
Ice Hrm Cross-Site Scripting Vulnerability (CNVD-2022-67480)
Ice Hrm is a human resource management system. A cross-site scripting vulnerability exists in Ice Hrm version 30.0.0.OS. The vulnerability stems from the inability of the IceHRM website to effectively filter HTML tags in user input, which could be exploited by a logged-in attacker to steal...
CVE-2022-25013
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php...
CVE-2021-38823
The IceHrm 30.0.0 OS website was found vulnerable to a session management issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser...
CVE-2021-38822
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands...
Cross site scripting
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands...
CVE-2021-38823
IceHrm 30.0.0 OS website has a Session Management vulnerability where signing out from an admin account does not invalidate an admin session opened in another browser. Root cause/details beyond this description are not provided in the connected documents. Impact is indicated as severe by CVSS sco...