14 matches found
CVE-2026-7605 JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery
A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...
EUVD-2009-4973
Malware in sbrugna...
CVE-2024-33272
SQL injection vulnerability in KnowBand for PrestaShop autosuggest before 2.0.0 allows an attacker to run arbitrary SQL commands via the AutosuggestSearchModuleFrontController::initContent, and AutosuggestSearchModuleFrontController::getKbProducts components...
CVE-2020-36365
Smartstore aka SmartStoreNET before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect...
CVE-2009-5015
The URL dispatch mechanism in TurboGears2 aka tg2 before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors...
GHSA-W3C8-7R8F-9JP8 Spring MVC controller vulnerable to a DoS attack
Spring MVC controller methods with an @RequestBody byte method parameter are vulnerable to a DoS attack...
VMware Spring Framework < 5.3.42 DoS Vulnerability - Linux
The VMware Spring Framework is prone to a denial of service (DoS) vulnerability...
PT-2024-28235 · Unknown +1 · Spring Mvc +1
Name of the Vulnerable Software and Affected Versions: Spring MVC (affected versions not specified) Description: The issue concerns Spring MVC controller methods that utilize an @RequestBody byte method parameter, making them susceptible to Denial of Service (DoS) attacks. Recommendations: At the...
CVE-2023-34575
SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail methods...
CVE-2021-21425
GravCMS (Grav Admin Plugin)
CVE-2009-5015
The URL dispatch mechanism in TurboGears2 aka tg2 before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors...
CVE-2009-5015
The URL dispatch mechanism in TurboGears2 aka tg2 before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors...
CVE-2009-5015
The URL dispatch mechanism in TurboGears2 aka tg2 before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors...
CVE-2009-5015
Removed by vendor...