65 matches found
AJ-Report < 1.4.1 - Remote Code Execution
AJ-Report before version 1.4.1 is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java code on the victim server through script engine injection in the validation rul...
EUVD-2024-46578
Malicious code in bioql PyPI...
EUVD-2024-46575
Malicious code in bioql PyPI...
EUVD-2024-46577
Malicious code in bioql PyPI...
EUVD-2024-54902
Malicious code in bioql PyPI...
EUVD-2024-46576
Malicious code in bioql PyPI...
EUVD-2024-46581
Malicious code in bioql PyPI...
EUVD-2024-46580
Malicious code in bioql PyPI...
CVE-2024-52786
An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL...
CVE-2024-52786
An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL...
CVE-2024-52786
An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL...
CVE-2024-52786
An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL...
PT-2025-34469 · Unknown · Anji-Plus Aj-Report
Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report versions up to 1.4.2 Description: An authentication bypass allows unauthenticated attackers to execute arbitrary code via a crafted URL. Recommendations: Update anji-plus AJ-Report to a version later than 1.4.2...
CVE-2024-52786
CVE-2024-52786 affects the anji-plus AJ-Report project (≤ v1.4.2). The vulnerability is an authentication bypass that could let unauthenticated attackers execute arbitrary code via a crafted URL. Severity is high (CVSS v3.1: 9.8, Critical; Network access, no user interaction). Affected product/ve...
VulnCheck KEV: CVE-2024-7314
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...
CVE-2024-5350
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-5351
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...
CVE-2024-5352
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamControllerverification. The manipulation leads to...
CVE-2024-7314
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...
CVE-2024-7314
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...