29 matches found

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2024-46577

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.00769
Exploits 1 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-46581

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.6 · EPSS 0.01026
Exploits 1 · References 5

NVD
added 2025/08/22 6:15 p.m. · 3 views

CVE-2024-52786

An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL...

CVSS 9.8 · EPSS 0.00757
Exploits 0 · References 2

Cvelist
added 2025/08/22 12:0 a.m. · 8 views

CVE-2024-52786

An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL...

EPSS 0.00757
Exploits 0 · References 2

OSV
added 2024/08/02 5:16 p.m. · 5 views

CVE-2024-7314

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...

CVSS 9.8 · AI score 6.1 · EPSS 0.51468
Exploits 1 · References 4

Cvelist
added 2024/08/02 4:33 p.m. · 35 views

CVE-2024-7314 anji-plus AJ-Report Authentication Bypass

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...

CVSS 9.8 · EPSS 0.51468
Exploits 1 · References 4

CVE
added 2024/08/02 4:33 p.m. · 75 views

CVE-2024-7314

CVE-2024-7314 affects AJ-Report (anji-plus). The vulnerability is an authentication bypass in versions before 1.4.1, allowing a remote, unauthenticated attacker to append “;swagger-ui” to HTTP requests to bypass authentication and execute arbitrary Java code on the victim server. The Nuclei templ...

CVSS 9.8 · AI score 7.4 · EPSS 0.51468
In wild · Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/08/02 12:0 a.m. · 6 views

PT-2024-38260 · Anji Plus · Anji-Plus Aj-Report

Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report versions = 1.4.0 Description: The issue allows a remote and unauthenticated attacker to bypass authentication by appending ";swagger-ui" to HTTP requests, potentially executing arbitrary Java on the victim server. This is...

CVSS 9.8 · AI score 7 · EPSS 0.51468
Exploits 1 · References 10

OSV
added 2024/05/26 8:15 a.m. · 8 views

CVE-2024-5356

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 9.8 · AI score 7.2 · EPSS 0.01026
Exploits 1 · References 5

NVD
added 2024/05/26 8:15 a.m. · 14 views

CVE-2024-5356

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 9.8 · AI score 6.8 · EPSS 0.01026
Exploits 1 · References 5

Cvelist
added 2024/05/26 7:31 a.m. · 22 views

CVE-2024-5356 anji-plus AJ-Report testTransform;swagger-ui sql injection

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 6.5 · AI score 6.8 · EPSS 0.01026
Exploits 1 · References 5

CVE
added 2024/05/26 7:31 a.m. · 70 views

CVE-2024-5356

CVE-2024-5356 affects anji-plus AJ-Report up to version 1.4.1, where the unknown function at /dataSet/testTransform;swagger-ui can be exploited via manipulation of the dynSentence parameter to perform SQL injection. The vulnerability enables remote exploitation and exploitation details have been ...

CVSS 9.8 · AI score 6.8 · EPSS 0.01026
Exploits 1 · References 5 · Affected Software 1

OSV
added 2024/05/26 6:15 a.m. · 13 views

CVE-2024-5355

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

CVSS 9.8 · AI score 7.4 · EPSS 0.03182
Exploits 1 · References 4

NVD
added 2024/05/26 6:15 a.m. · 24 views

CVE-2024-5355

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

CVSS 9.8 · AI score 6.9 · EPSS 0.03182
Exploits 1 · References 4

Vulnrichment
added 2024/05/26 6:0 a.m. · 21 views

CVE-2024-5355 anji-plus AJ-Report IGroovyHandler command injection

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

CVSS 6.5 · AI score 7.5 · EPSS 0.03182
Exploits 1 · References 4

Cvelist
added 2024/05/26 6:0 a.m. · 29 views

CVE-2024-5355 anji-plus AJ-Report IGroovyHandler command injection

A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Th...

CVSS 6.5 · AI score 6.9 · EPSS 0.03182
Exploits 1 · References 4

CVE
added 2024/05/26 6:0 a.m. · 63 views

CVE-2024-5355

CVE-2024-5355 affects anji-plus AJ-Report up to version 1.4.1, with the IGroovyHandler function vulnerable to command injection that can be exploited remotely. Public exploit information exists. A practical mitigation from PT-security suggests disabling the IGroovyHandler function as a temporary ...

CVSS 9.8 · AI score 6.9 · EPSS 0.03182
Exploits 1 · References 4 · Affected Software 1

NVD
added 2024/05/26 5:15 a.m. · 9 views

CVE-2024-5354

A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has...

CVSS 6.5 · AI score 4.6 · EPSS 0.00628
Exploits 1 · References 4

CVE
added 2024/05/26 4:31 a.m. · 55 views

CVE-2024-5354

Summary: CVE-2024-5354 affects the anji-plus AJ-Report product (versions up to 1.4.1). The vulnerability exists in the /reportShare/detailByCode endpoint, where manipulating the shareToken can disclose information. It is exploitable remotely over a network. Public exploitation has been disclosed....

CVSS 6.5 · AI score 4.6 · EPSS 0.00628
Exploits 1 · References 4 · Affected Software 1

CVE
added 2024/05/26 4:0 a.m. · 55 views

CVE-2024-5353

CVE-2024-5353 affects anji-plus AJ-Report up to 1.4.1. The issue is a path traversal in the ZIP File Handler decompress function, allowing remote initiation. Exploit has been disclosed publicly. No remediation details are provided in the connected documents; no explicit fixes or patched versions ...

CVSS 9.8 · AI score 6.5 · EPSS 0.00802
Exploits 1 · References 4 · Affected Software 1