25 matches found
CVE-2026-7678
A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...
CVE-2026-7678 YunaiV yudao-cloud GoViewDataServiceImpl.java getDataBySQL sql injection
A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...
CVE-2026-7678 YunaiV yudao-cloud GoViewDataServiceImpl.java getDataBySQL sql injection
A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...
EUVD-2019-7678
Malware in sbrugna...
MAL-2025-7678 Malicious code in @crabas0npm2/nam-totam-vero (npm)
The package @crabas0npm2/nam-totam-vero was found to contain malicious code...
CVE-2024-7678
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=savepackage. The manipulation of the argument name/description/trainingduration leads to...
CVE-2024-7678
creationtimestamp| type| source ---|---|--- 2024-08-12 15:56:16+00:00| seen| https://t.me/cvedetector/2831...
CVE-2024-7678 SourceCodester Car Driving School Management System Master.php cross site scripting
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=savepackage. The manipulation of the argument name/description/trainingduration leads to...
CVE-2024-7678
CVE-2024-7678 pertains to SourceCodester Car Driving School Management System 1.0. A cross-site scripting vulnerability resides in the public function at /classes/Master.php?f=save_package, triggered by manipulating the name/description/training_duration parameters. The issue is exploitable remot...
CGA-7JCQ-MWG3-7678
Bulletin has no description...
@csn_chile/fuelgauge (=1.0.1), @csn_chile/ol_ws (=1.0.0) +8 more potentially affected by CVE-2020-7678 via node-import (>=0.1.9 <=0.9.2)
node-import NPM version =0.1.9, =1.0.0, =1.0.0, =0.0.2, =0.1.2, =1.1.2, =1.1.1, =1.4.2 Source cves: CVE-2020-7678 Source advisory: OSV:GHSA-PC62-CQ5X-3J5G...
CVE-2020-7678
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js"...
CVE-2020-7678
node-import is vulnerable to Arbitrary Code Execution: the params argument can be provided by users without sanitization and is passed to eval in index.js (line 79), affecting all versions. A PoC exists demonstrating code execution, and no fixed version is available. Practical remediation is to r...
CVE-2020-7678 Arbitrary Code Execution
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js"...
@csn_chile/fuelgauge (=1.0.1), @csn_chile/ol_ws (=1.0.0) +8 more potentially affected by CVE-2020-7678 via node-import (>=0.1.9 <=0.9.2)
node-import NPM version =0.1.9, =1.0.0, =1.0.0, =0.0.2, =0.1.2, =1.1.2, =1.1.1, =1.4.2 Source cves: CVE-2020-7678 Source advisory: SNYK:JS-NODEIMPORT-571691...
CVE-2019-7678
A directory traversal vulnerability was discovered in Enphase Envoy R3.. via images/, include/, include/js, or include/css on TCP port 8888...
CVE-2019-7678
CVE-2019-7678 is a directory traversal vulnerability in Enphase Envoy R3.. exposed on TCP port 8888 via paths images/, include/, include/js, and include/css. The connected records corroborate this as a vulnerability affecting Enphase Envoy R3.. with CVSS v2 base 7.5 (PARTIAL confidentiality/integ...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +652 more potentially affected by CVE-2017-7678 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.1.3)
org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =2.0.0, =2.0.0, =2.0.0, =2.0.18, =2.0.0, =1.0.0, =0.5.2, =1.0, =2.11-2.1.1-2.2.0, =4.2.0, =5.1.0, =5.1.2 and more Source cves: CVE-2017-7678 Source advisory: OSV:GHSA-R34R-F84J-5X4X...
CVE-2018-7678 XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager NAM 4.3 and 4.4...
CVE-2018-7678
CVE-2018-7678 is a cross-site scripting vulnerability in the Administration Console of NetIQ Access Manager (NAM) affecting NAM versions 4.3 and 4.4. The issue stems from improper input filtering in the Administration Console, enabling a remote attacker to execute arbitrary browser code. Supporte...