751 matches found
Partner Software和Partner Software Partner Web 安全漏洞
Partner Software and Partner Software Partner Web are both products of Partner Software, a U.S.-based company.Partner Software is a geographic information system application.Partner Software Partner Web is a back-end system that provides review of reports on the Partner Software is a GIS...
Partner Software和Partner Software Partner Web 安全漏洞
Partner Software and Partner Software Partner Web are both products of Partner Software, a U.S.-based company.Partner Software is a geographic information system application.Partner Software Partner Web is a back-end system that provides review of reports on the Partner Software is a GIS...
WeGIA SQL Injection Vulnerability (CNVD-2025-17301)
WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database...
CVE-2022-50049
In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcmaddpaths, it doesn't check whether the picked BE actually supports for the given stream direction. Due to that, when an asymmetric ...
CVE-2023-46134
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...
CVE-2022-20942
A vulnerability in the web-based management interface of Cisco Email Security Appliance ESA, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance WSA, could allow an authenticated, remote attacker to retrieve sensitive information from...
CVE-2021-38162
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may,...
[SECURITY] Fedora 41 Update: rust-idna_adapter-1.2.0-1.fc41
Back end adapter for idna...
[SECURITY] Fedora 40 Update: rust-idna_adapter-1.2.0-1.fc40
Back end adapter for idna...
CVE-2024-9612 Unauthorized Access in danswer-ai/danswer
In danswer-ai/danswer v0.3.94, administrators can set the visibility of pages within a workspace, including the search page. When the search page is set to be invisible, regular users cannot view the search page or access its functionalities from the front-end interface. However, the back-end doe...
GPT Academic 代码注入漏洞
GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. GPT Academic suffers from a command injection vulnerability that stems from a security issue with the CodeInterpreter plugin, which can be exploited by an attacker to achieve Remote Co...
Danswer 安全漏洞
Danswer is Danswer AI open source an artificial intelligence assistant that connects to company documents, applications and people. A security vulnerability exists in Danswer version v0.3.94, which stems from the back-end not validating the visibility status of a search page, which could allow an...
NetEase QAnything 安全漏洞
NetEase QAnything is a local knowledge base question and answer system dedicated to supporting arbitrary format files or databases from China's NetEase NetEase, which can be installed and used offline. A security vulnerability exists in NetEase QAnything, which stems from a cross-site request...
Esri ArcGIS Server SQL注入漏洞
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. Esri ArcGIS Server suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could use this...
CVE-2021-37626
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...
CVE-2022-41731
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402...
Malicious code in @test6uy767/back-end (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2023-50316
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...
AutoLib Software Systems OPAC 安全漏洞
AutoLib Software Systems OPAC is a library management software from AutoLib Software Systems. A security vulnerability exists in AutoLib Software Systems OPAC version v20.10, which stems from the exposure of multiple API keys in the code. An attacker could use these keys to access back-end APIs o...
CVE-2024-35148
IBM Maximo Application Suite 8.10.10, 8.11.7, and 9.0 - Monitor Component is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database...