40 matches found
CVE-2026-7672 youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to SQL injection...
MINI-7672-V4MM-PPGX
Bulletin has no description...
CVE-2020-7672
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to the properties argument is executed by the eval function, resulting in code execution...
CVE-2019-7672
Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges...
MAL-2025-7672 Malicious code in @crabas0npm2/laboriosam-cumque-voluptatibus (npm)
The package @crabas0npm2/laboriosam-cumque-voluptatibus was found to contain malicious code...
CVE-2025-7672 Stored-XSS possibility in Namo CrossEditor4
The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix API modules potentially allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23...
Oracle Linux 9 : xdg-utils (ELSA-2025-7672)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-7672 advisory. - Update documentation for CVE-2022-4055 RHEL-87487. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
CVE-2024-7672
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current proce...
Autodesk Navisworks Manage 25.0.x < 25.0.999.0 (2025.3) Multiple Vulnerabilities (adsk-sa-2024-0015)
The version of Autodesk Navisworks Manage installed on the remote host is prior to 25.0.999.0 (2025.3). It is, therefore, affected by multiple vulnerabilities as referenced in the adsk-sa-2024-0015 advisory. - A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, ca...
Autodesk Navisworks Freedom 25.0.x < 25.0.999.0 (2025.3) Multiple Vulnerabilities (adsk-sa-2024-0015)
The version of Autodesk Navisworks Freedom installed on the remote host is prior to 25.0.999.0 (2025.3). It is, therefore, affected by multiple vulnerabilities as referenced in the adsk-sa-2024-0015 advisory. - A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, c...
Autodesk Navisworks Simulate 25.0.x < 25.0.999.0 (2025.3) Multiple Vulnerabilities (adsk-sa-2024-0015)
The version of Autodesk Navisworks Simulate installed on the remote host is prior to 25.0.999.0 (2025.3). It is, therefore, affected by multiple vulnerabilities as referenced in the adsk-sa-2024-0015 advisory. - A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks,...
CVE-2017-7672
creationtimestamp | type | source
---|---|---
2023-12-18 10:44:24+00:00 | seen | https://t.me/arpsyndicate/1966...
K12542008: Apache Struts vulnerabilities CVE-2017-9793 and CVE-2017-9804
Security Advisory Description. CVE-2017-9793: The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allows performing a DoS attack using a malicious request with a specially crafted XML payload. CVE-2017-9804: In Apache Stru...
@enexus/ravepay (=1.3.0), @iykedapotential/flw-notifier (=0.0.6) +17 more potentially affected by CVE-2020-7672 via mosc (=1.0.0)
mosc NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mosc and may be impacted: - @enexus/ravepay =1.3.0 - @iykedapotential/flw-notifier =0.0.6 - @legobox/ravepay =1.3.0 - @waptik/ravepay-nodejs =1.2.1-1, =1.0.0, =1.0.0, =1.0.0, =1.0....
CVE-2020-7672
CVE-2020-7672 affects the mosc package (mosc through 1.0.0). The vulnerability lies in user input passed to the properties argument, which is executed via eval, leading to arbitrary code execution. In practice, a crafted input can cause code execution in impacted environments (SNYK provides a Pro...
CVE-2019-7672
Affected software: Prima Systems FlexAir, versions 2.3.38 and earlier. Vulnerability: Use of hard-coded username/password in the flash web interface enables an authenticated attacker to escalate privileges. Root cause: hard-coded credentials in the Web UI. Impact: potential privilege escalation o...
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL. NOTE: this...
com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +71 more potentially affected by CVE-2017-7672 +1 more via org.apache.struts:struts2-core (>=2.5.1 <=2.5.10.1)
org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.10.1 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2017-7672, CVE-2017-9805 Source advisory:...