13 matches found
Weak Password Hash Generation
xxl-job is vulnerable to a Weak Password Hash Generation vulnerability. The vulnerability is due to insufficient computational effort in the 'makeToken' function of 'IndexController.java', where an attacker can manipulate the token-generation logic to obtain and resulting remote compromise...
EUVD-2023-30875
Malicious code in bioql PyPI...
pybbs input validation error vulnerability
pybbs is a community platform for Java development by iuiu individual developers. An input validation error vulnerability exists in pybbs 6.0.0 and earlier versions, which originates from the function changeLanguage parameter referer in the file...
CVE-2024-2828 lakernote EasyAdmin IndexController.java thumbnail server-side request forgery
A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. I...
CVE-2023-27088
A background vertical authorization vulnerability exists in IndexController.java of feiqu-opensource. Demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will...
Authorization
A background vertical authorization vulnerability exists in IndexController.java of feiqu-opensource. Demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will...
CVE-2023-27088
CVE-2023-27088 affects feiqu-opensource with a background vertical authorization issue in IndexController.java. Exploitable by demo users with low permission to perform admin-level operations, including changing the blacklist IP address. CVSS v3.1 metrics show a high-severity, network-based explo...
CVE-2023-27088
A background vertical authorization vulnerability exists in IndexController.java of feiqu-opensource. Demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will...
PT-2023-20944 · Unknown · Feiqu-Opensource
Name of the Vulnerable Software and Affected Versions: feiqu-opensource (affected versions not specified). Description: A background vertical authorization issue exists in IndexController.java, allowing demo users with low permission to perform operations within the permission of the admin super...
CVE-2023-27088
A background vertical authorization vulnerability exists in IndexController.java of feiqu-opensource. Demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will...
CVE-2022-45290
Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java...
Arbitrary file deletion
Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java...
CVE-2022-45290
CVE-2022-45290 affects Kbase Doc v1.0, with an arbitrary file deletion vulnerability in the component /web/IndexController.java. The CVSS 3.1 data indicates a CRITICAL severity (base score 9.1) with Network attack vector, no privileges required, no user interaction, and impact to both integrity a...