14 matches found
CVE-2025-32951
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...
CVE-2025-32951
creationtimestamp| type| source ---|---|--- 2025-04-25 16:07:19+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13460...
CVE-2025-32951
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...
CVE-2025-32951
CVE-2025-32951 affects io.jmix.rest:jmix-rest via the /files endpoint, enabling XSS when an attacker manipulates a file-path/name input so the Content-Type becomes text/html for names ending with .html. Impact is cross-site scripting in browsers when a malicious file is uploaded beforehand. Affec...
CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...
CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...
CVE-2024-32951
Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1...
CVE-2024-32951
CVE-2024-32951 affects BloomPixel Max Addons Pro for Bricks (Max Addons Pro for Bricks) up to version 1.6.1, with a Missing Authorization vulnerability that could permit unauthorized access to plugin settings. The CVSS 3.1 base metrics show a Medium severity (6.5) with network attack vector, no c...
WordPress Max Addons Pro for Bricks Plugin <= 1.6.1 is vulnerable to Settings Change
Software Max Addons Pro for Bricks Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-32951 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 446d765fd496 Credits Dave Jong Patchstac...
CVE-2022-32951
...
CVE-2022-32951
This CVE entry is rejected/not used and does not represent an active vulnerability.
CVE-2021-32951
WebAccess/NMS Versions prior to v3.0.3Build6299 has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS...
CVE-2021-32951
CVE-2021-32951 affects Advantech WebAccess/NMS versions prior to 3.0.3_Build6299, exposing an improper authentication vulnerability that may allow an unauthenticated attacker to view resources monitored and controlled by WebAccess/NMS, including IP addresses and names of all managed devices. The ...
Advantech WebAccess/NMS
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/NMS Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the exposure of resources or functionality and...