136 matches found

CNNVD
added 2025/06/27 12:0 a.m. | 2 views

sublinkX Path Traversal Vulnerability

sublinkX is an open source node subscription conversion and generation management system developed by Chen Hui. A path traversal vulnerability exists in sublinkX 1.8 and earlier versions, which stems from the incorrect operation of the parameter filename in the file api/template.go, resulting in...

CVSS 6.5 | AI score 6.4 | EPSS 0.00342
Exploits: 0 | References: 8
CNNVD
added 2025/05/31 12:0 a.m. | 2 views

Yifang CMS Path Traversal Vulnerability

Yifang CMS is a PHP enterprise website development and construction management system from China Yifang Company. A security vulnerability exists in Yifang CMS 2.0.2 and earlier versions, which stems from path traversal due to incorrect operation of the File parameter File in...

CVSS 7.2 | AI score 4.2 | EPSS 0.01326
Exploits: 1 | References: 5
RedhatCVE
added 2025/05/23 3:54 a.m. | 9 views

CVE-2023-34094

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanhuChatGPT project, when authentication is not configured. The attacker can...

CVSS 7.5 | AI score 6.9 | EPSS 0.00277
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 3:27 a.m. | 6 views

CVE-2023-3606

A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 8.8 | AI score 7.4 | EPSS 0.00856
Exploits: 1 | References: 1
CNNVD
added 2025/04/27 12:0 a.m. | 2 views

Books-Management-System Security Vulnerability

Books-Management-System is a book management system by withstars individual developers. A security vulnerability exists in Books-Management-System version 1.0, which stems from a cross-site request forgery due to a misbehavior in the file /api/article/del...

CVSS 5.3 | AI score 4.9 | EPSS 0.00145
Exploits: 1 | References: 5
CNNVD
added 2025/04/21 12:0 a.m. | 2 views

SpringBoot-Vue-OnlineExam Security Vulnerability

SpringBoot-Vue-OnlineExam is an online exam system by Yu Personal Developer. A security vulnerability exists in SpringBoot-Vue-OnlineExam version 1.0, which stems from an unauthenticated password change due to manipulation of the studentId parameter in the file /api/studentPWD...

CVSS 6.5 | AI score 5 | EPSS 0.00266
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 2:10 a.m. | 3 views

CVE-2024-2566

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/getextensionyl.php. The manipulation of the argument imei leads to sql...

CVSS 9.8 | AI score 7.5 | EPSS 0.00048
Exploits: 0 | References: 1
Cvelist
added 2024/07/11 3:0 p.m. | 15 views

CVE-2024-6679 witmy my-springsecurity-plus role sql injection

A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...

CVSS 6.5 | EPSS 0.00041
Exploits: 0 | References: 3
CNNVD
added 2024/07/11 12:0 a.m. | 1 view

my-springsecurity-plus Security Vulnerabilities

my-springsecurity-plus is a SpringBoot and SpringSecurity based RBAC backend privilege management system by codermy individual developer. A security vulnerability exists in my-springsecurity-plus prior to 2024.07.03, which stems from some unknown functionality in the file /api/dept, where manipulation...

CVSS 9.8 | AI score 7.4 | EPSS 0.0003
Exploits: 0 | References: 4
CNNVD
added 2024/07/11 12:0 a.m. | 2 views

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an unknown function in the file /api/role, where...

CVSS 9.8 | AI score 7.9 | EPSS 0.00041
Exploits: 0 | References: 4
Cvelist
added 2024/06/24 7:5 a.m. | 37 views

CVE-2024-24550 Bludit - Remote Code Execution (RCE) through File API

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...

CVSS 8.9 | EPSS 0.00144
Exploits: 1 | References: 1
NVD
added 2024/04/09 1:15 a.m. | 7 views

CVE-2024-27901

SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file APIs, thus causing a considerable impact on confidentiality, integrity and availability of the application...

CVSS 7.2 | AI score 6.7 | EPSS 0.00219
Exploits: 0 | References: 2
CVE
added 2024/04/09 12:55 a.m. | 55 views

CVE-2024-27901

CVE-2024-27901 (SAP Asset Accounting) : The vulnerability arises from insufficient validation of user-supplied path information that is passed to the File API, enabling a directory-traversal condition. Impact is described as affecting confidentiality, integrity, and availability of the applicatio...

CVSS 7.2 | AI score 6.7 | EPSS 0.00219
Exploits: 0 | References: 2
Vulnrichment
added 2024/04/04 2:29 p.m. | 12 views

CVE-2024-3250

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...

CVSS 6.5 | AI score 6.8 | EPSS 0.00061
Exploits: 0 | References: 2
CVE
added 2024/04/04 2:29 p.m. | 84 views

CVE-2024-3250

CVE-2024-3250 affects Canonical’s Pebble service manager. The issue arises from the read-file API used by the pebble pull command, which, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble ran as root. This could enable access to sensitive ...

CVSS 6.5 | AI score 6.2 | EPSS 0.00061
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2024/03/19 1:15 a.m. | 5 views

CVE-2024-2620

A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/downfile.php. The manipulation of the argument uuid leads to sql injection. The...

CVSS 9.8 | AI score 6.9 | EPSS 0.00171
Exploits: 0 | References: 3
OSV
added 2024/03/06 3:28 p.m. | 34 views

GHSA-9P43-HJ5J-96H5 esphome vulnerable to stored Cross-site Scripting in edit configuration file API

Summary: Edit configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation and Home Assistant add-on serves unsanitized data with “Content-Type: text/html; charset=UTF-8”, allowing remote authenticated user to inject arbitrary web script and exfiltrate sessi...

CVSS 6.5 | AI score 6.2 | EPSS 0.00265
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 3:48 a.m. | 1 view

SUSE CVE-2021-4057

Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.9 | EPSS 0.03637
Exploits: 0 | References: 7
SUSE CVE
added 2023/02/15 3:42 a.m. | 2 views

SUSE CVE-2021-30515

Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.9 | EPSS 0.00466
Exploits: 1 | References: 8
SUSE CVE
added 2023/02/15 3:35 a.m. | 1 view

SUSE CVE-2022-0115

Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page...

CVSS 8.8 | AI score 8.4 | EPSS 0.00531
Exploits: 1 | References: 7