23 matches found
dify 安全漏洞
dify is an open-source LLM application development platform by LangGenius. Versions of dify prior to 1.14.1 have a security vulnerability. This vulnerability stems from an authorization bypass issue in the file preview endpoint, which allows any authenticated user to read the first 3,000 characte...
CVE-2026-25164
OpenEMR before version 8.0.0 exposed documents and insurance data via the REST API. The route table in apis/routes/_rest_routes_standard.inc.php did not call RestConfig::request_authorization_check() for the document and insurance endpoints, allowing any valid API bearer token to access or modify...
CVE-2026-25164 OpenEMR's Document and Insurance REST Endpoints Skip ACL
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in apis/routes/restroutesstandard.inc.php does not call RestConfig::requestauthorizationcheck for the document and insurance routes. Other...
PT-2026-21975
Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in apis/routes/ rest routes standard.inc.php does not call...
CVE-2024-50617
Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. Retriev...
EUVD-2025-37407
The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dllloadposts which returns a JSON table of document data without performing nonce or capability...
EUVD-2012-3681
Malware in sbrugna...
CVE-2024-52477 WordPress Document & Data Automation plugin <= 1.6.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in No-nonsense Labs Document & Data Automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through 1.6.1...
CVE-2024-52477 WordPress Document & Data Automation plugin <= 1.6.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in docxpresso Document & Data Automation document-data-automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through = 1.6.1...
CVE-2024-52477
CVE-2024-52477 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Document & Data Automation from No-nonsense Labs that leads to Stored XSS. Affected versions are prior to 1.6.1; remediation is to update to 1.6.1 or later. The CVSS v3.1 base score is 7.1 (HIGH), with NET...
WordPress plugin Document & Data Automation 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2024-35317 · No Nonsense · Document & Data Automation
Name of the Vulnerable Software and Affected Versions: No-nonsense Labs Document & Data Automation versions prior to 1.6.1 Description: The issue is related to a Cross-Site Request Forgery CSRF problem that allows Stored XSS. This means an attacker can trick a user into performing unintended...
SUSE CVE-2014-7934
Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures...
steuerberaten.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1164528 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
chromium-browser: address spoofing in omnibox
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox URL bar via a crafted HTML page containing PDF data...
chromium-browser: Out of bounds access in PDFium
The CJBig2SymbolDict class in fxcodec/jbig2/JBig2SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have unspecified other impact via a PDF document containing crafted data with JBIG2...
chromium-browser: use-after-free in DOM
Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures...
CVE-2014-7934
Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures...
Design/Logic Flaw
Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures...
CVE-2014-7934
Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures...