
12 matches found

EUVD
added 2026/05/18 12:0 a.m. · 11 views

EUVD-2026-30770

An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...

7.5 CVSS · 5.8 AI score · 0.00055 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/05/18 12:0 a.m. · 4 views

CVE-2026-39079

An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...

7.5 CVSS · 5.8 AI score · 0.00055 EPSS
Exploits 0 · References 2

CNNVD
added 2026/05/12 12:0 a.m. · 6 views

Langflow Path Traversal Vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.9.0 contained a path traversal vulnerability. This vulnerability stemmed from the path traversal in the knowledge base API, which could allow...

9.6 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits 1 · References 2

Positive Technologies
added 2026/02/25 12:0 a.m. · 2 views

PT-2026-21966

Name of the Vulnerable Software and Affected Versions: Angular SSR versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 Description: Angular SSR, a server-side rendering tool for Angular applications, contains a Server-Side Request Forgery (SSRF) issue in its request handling pipeline. The...

9.2 CVSS · 7.4 AI score · 0.00061 EPSS
Exploits 1 · References 22

RedhatCVE
added 2026/01/09 11:18 a.m. · 2 views

CVE-2021-22047

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

5.3 CVSS · 6.9 AI score · 0.00315 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/09/03 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-15177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as urlbase and urlbaseapi. These settings are...

8 CVSS · 7.4 AI score · 0.00305 EPSS
Exploits 0 · References 2

Cvelist
added 2025/04/05 12:0 a.m. · 14 views

CVE-2025-32357

In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for...

4.3 CVSS · 0.00156 EPSS
Exploits 0 · References 1

Github Security Blog
added 2022/05/24 7:19 p.m. · 28 views

Exposure of Resource to Wrong Sphere in Spring Data REST

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

5.3 CVSS · 1.3 AI score · 0.00315 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/05/24 7:19 p.m. · 1 views

GHSA-4926-QPXG-6R3W Exposure of Resource to Wrong Sphere in Spring Data REST

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

5.3 CVSS · 6.1 AI score · 0.00315 EPSS
Exploits 0 · References 2

Veracode
added 2022/01/26 6:41 a.m. · 15 views

SQL Injection

jeecg-boot-base-api is vulnerable to SQL injection. An attacker is able to modify or delete, causing persistent changes to the queries that the application makes to its database, mainly SQL, to compromise the underlying server or other back-end infrastructure...

9.8 CVSS · 4.4 AI score · 0.00816 EPSS
Exploits 1 · References 1 · Affected Software 1

OSV
added 2021/10/28 4:15 p.m. · 3 views

CVE-2021-22047

In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for...

5.3 CVSS · 5.8 AI score · 0.00315 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/10/07 12:0 a.m. · 8 views

PT-2020-14249 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.2 Description: The issue concerns insecure storage of user input into the database as url base and url base api. These settings are used throughout the application, allowing for vulnerabilities such as Cross-Site...

10 CVSS · 6.4 AI score · 0.94395 EPSS
Exploits 32 · References 126