60 matches found
DHTMLX Diagram 路径遍历漏洞
DHTMLX Diagram is a JavaScript chart component developed by DHTMLX Corporation that supports interactive organizational charts, flowcharts, mind maps, and other chart types. Versions of DHTMLX Diagram prior to 1.1.1 had a path traversal vulnerability. This vulnerability stemmed from path traversa...
EUVD-2026-23992
Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values...
CVE-2026-35588
A flaw was found in Glances, an open-source system monitoring tool. A user with write access to the glances.conf configuration file can exploit a CQL Cassandra Query Language injection vulnerability in the Cassandra export module. This allows an attacker to manipulate configuration values,...
CVE-2026-35588 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...
glances 安全漏洞
Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.4 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of configuration values by the Cassandra export module, which could lead to redirection of monitoring dat...
glances 安全漏洞
Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.3 contained security vulnerabilities. These vulnerabilities stemmed from the DuckDB export module, where table names and column names were directly inserted into SQL statements, potentially leading ...
SUSE CVE-2026-30930
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
Linux Distros Unpatched Vulnerability : CVE-2026-30930
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation...
CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
glances SQL注入漏洞
Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.1 contained an SQL injection vulnerability. This vulnerability stemmed from the TimescaleDB export module using uncleaned data to construct SQL queries, which could lead to SQL injection attacks...
CVE-2021-47768 ImportExportTools NG 10.0.4 - HTML Injection
ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...
EUVD-2026-2765
ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data ...
Import Export Tools NG security vulnerabilities
Import Export Tools NG is an open-source import and export tool developed by thundernest. Version 10.0.4 of Import Export Tools NG contains a security vulnerability. This vulnerability stems from a persistent HTML injection issue in the email export module, which could allow remote attackers to...
CVE-2025-15029
CVE-2025-15029 affects Centreon Infra Monitoring (Awie export modules). The root cause is improper neutralization of special elements in SQL commands, allowing unauthenticated SQL injection. Affected versions are 25.10.0–25.10.2, 24.10.0–24.10.3, and 24.04.0–24.04.3. Remediation is to upgrade to ...
CVE-2025-15029 An unauthenticated user is able to introduce SQL Injection using the Awie export module
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring Awie export modules allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04...
CVE-2025-15029 An unauthenticated user is able to introduce SQL Injection using the Awie export module
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring Awie export modules allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04...
CVE-2025-15029 An unauthenticated user is able to introduce SQL Injection using the Awie export module
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring Awie export modules allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04...
The vulnerability of the e_show() function in the fs/nfsd/export.c module of the Linux kernel’s Network File System support module allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the eshow function in the fs/nfsd/export.c module, which is part of the NFS network file system support in Linux kernels, relates to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrit...
The vulnerability of the Node export module in the Drupal CMS system allows a hacker to execute arbitrary code.
The vulnerability of the Node export module in the Drupal CMS system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...