217 matches found

OSV
added 2022/03/14 3:15 p.m.

CVE-2021-24950

The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import AJAX action, which is available to any authenticated user; it does not validate user input before passing it to unserialize, nor sanitise and escape it before outputting it in the response. ...

CVSS 5.4 · AI score 5.8 · EPSS 0.00516
Exploits: 2 · References: 1
OSV
added 2022/03/10 5:44 p.m.

CVE-2021-42857

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not perform any validation of the user's input, which allows a malicious payload to be...

CVSS 5.3 · AI score 6.1 · EPSS 0.01105
Exploits: 0 · References: 1
CNNVD
added 2022/03/10 12:00 a.m.

Aternity SteelCentral AppInternals path traversal vulnerability

Aternity SteelCentral AppInternals is a monitoring solution from Aternity, Inc. A directory traversal vulnerability exists in Aternity SteelCentral AppInternals, stemming from /api/appInternals/1.0/agent/da/pcf not performing any validation of user input, which allows...

CVSS 5.3 · AI score 5.8 · EPSS 0.01105
Exploits: 0 · References: 2
CNNVD
added 2022/02/24 12:00 a.m.

Sourcecodester Hospital Patient Records Management System SQL injection vulnerability

Sourcecodester Hospital Patient Records Management System is a web-based application that provides an automated platform for hospitals to store and manage their patient records. Sourcecodester Hospital Patient Record Management System v1.0 is vulnerable to SQL injection. The vulnerability is caus...

CVSS 9.8 · AI score 6 · EPSS 0.01613
Exploits: 2 · References: 5
CNNVD
added 2022/01/06 12:00 a.m.

Apache Pluto cross-site scripting vulnerability

Apache Pluto is a runtime environment for a set of portlet containers from the Apache Software Foundation. Apache Pluto version 3.1.0 has a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied input and output data in the first name and last name fields. An...

CVSS 6.1 · AI score 5.6 · EPSS 0.02338
Exploits: 0 · References: 3
OSV
added 2021/12/27 7:15 p.m.

CVE-2021-43548

Patient Information Center iX (PIC iX) versions C.02 and C.03 receive input or data but do not validate, or incorrectly validate, that the input has the properties required to process the data safely and correctly...

CVSS 6.5 · AI score 5.8 · EPSS 0.00366
Exploits: 0 · References: 1
CNNVD
added 2021/12/13 12:00 a.m.

WordPress plugin cross-site scripting vulnerability

WordPress plugins are open source extensions for WordPress. A security vulnerability exists in the Use-your-Drive WordPress plugin prior to 1.18.3, stemming from insufficient input validation in its search function, which allows an unauthenticated user to create a...

CVSS 6.1 · AI score 5.9 · EPSS 0.00729
Exploits: 0 · References: 2
CNNVD
added 2021/12/09 12:00 a.m.

ZZCMS cross-site scripting vulnerability

ZZZCMS is a content management system (CMS) from the ZZZCMS team in China. ZZZCMS has a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied input and output data in the editfile action of /adminxxx/save.php. An attacker could exploit the...

CVSS 5.4 · AI score 5.6 · EPSS 0.00562
Exploits: 1 · References: 2
Positive Technologies
added 2021/11/12 12:00 a.m.

PT-2021-23883 · Jenkins · Jenkins Squash Tm Publisher Plugin +1

Name of the vulnerable software and affected versions: Jenkins Squash TM Publisher (Squash4Jenkins) Plugin versions 1.0.0 and earlier. Description: The issue allows attackers who can control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled...

CVSS 8.1 · AI score 8 · EPSS 0.01068
Exploits: 0 · References: 8
CNNVD
added 2021/11/03 12:00 a.m.

Sonatype Nexus Repository code issue vulnerability

Sonatype Nexus Repository is a repository manager from Sonatype, Inc. used for managing, storing, and distributing software, among other things. A security vulnerability exists in Sonatype Nexus Repository 3, stemming from a lack of validation and filtering of user-submitted input on t...

CVSS 4.3 · AI score 5.2 · EPSS 0.00843
Exploits: 0 · References: 3
CNNVD
added 2021/09/13 12:00 a.m.

WordPress plugin SQL injection vulnerability

WordPress plugins are open source extensions for WordPress. The WP Simple Booking Calendar plugin has a SQL injection vulnerability that stems from its failure to escape, validate, or sanitise the orderby parameter in its Search Calendar operation before using i...

CVSS 8.8 · AI score 8.1 · EPSS 0.01517
Exploits: 2 · References: 3
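An orderby parameter is a common injection point because ORDER BY takes an identifier, not a value, so it cannot be passed as a bound parameter; the fix is to map the request value onto a fixed list of column names. The following is an added example and not the plugin's code; the table name sbc_calendars, the column names and the sort keys are hypothetical.

```javascript
// Added example: allow-listing an ORDER BY column instead of concatenating
// user input. Table and column names are hypothetical, not the plugin's.

// Vulnerable pattern: the orderby/order request parameters are pasted into
// the statement. ORDER BY takes an identifier, so a bound parameter cannot
// be used here, which is why this mistake is so common.
function unsafeCalendarQuery(orderby, order) {
  return 'SELECT calendar_id, calendar_name FROM sbc_calendars ' +
         'ORDER BY ' + orderby + ' ' + order;
}

// Hardened pattern: map the request value to a fixed column name. A Map is
// used rather than a plain object so that inherited keys such as
// "constructor" or "__proto__" can never match a lookup.
const ORDERABLE_COLUMNS = new Map([
  ['id',      'calendar_id'],
  ['name',    'calendar_name'],
  ['created', 'created_at'],
]);

function safeCalendarQuery(orderby, order) {
  const column = ORDERABLE_COLUMNS.get(String(orderby));
  if (column === undefined) return null;            // unknown sort key: refuse
  const direction = String(order).toUpperCase() === 'DESC' ? 'DESC' : 'ASC';
  return 'SELECT calendar_id, calendar_name FROM sbc_calendars ' +
         'ORDER BY `' + column + '` ' + direction;
}

// Constructed request values, including a classic time-based probe.
const SAMPLE_REQUESTS = [
  ['name', 'asc'],
  ['calendar_name,(SELECT SLEEP(5))', 'asc'],
  ['constructor', 'asc'],
];

for (const [orderby, order] of SAMPLE_REQUESTS) {
  console.log('unsafe:', unsafeCalendarQuery(orderby, order));
  console.log('safe:  ', safeCalendarQuery(orderby, order));
}
```

The hardened query never contains anything the caller typed: the request value only selects which of three constant identifiers is emitted, and the sort direction collapses to one of two constants, so there is nothing left to escape.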
CNNVD
added 2021/09/09 12:00 a.m.

Dswjcms cross-site scripting vulnerability

Dswjcms is a free open source P2P lending project for individuals, built on the ThinkPHP framework, with a fully automated installation mode for quickly building a P2P website. Dswjcms version 1.6.4 has a cross-site scripting vulnerability, the...

CVSS 6.1 · AI score 6.3 · EPSS 0.00621
Exploits: 1 · References: 2
RedHat Linux
added 2021/08/26 10:18 a.m.

c-ares: Missing input validation of host names may lead to domain hijacking

A flaw was found in the c-ares library, where a missing input validation check on host names returned by DNS servers can lead to output of wrong hostnames, which might potentially lead to domain hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...

CVSS 6.8 · AI score 7.1 · EPSS 0.02617
Exploits: 1 · References: 5
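The point of the c-ares entry is that a name coming back from a DNS answer is attacker-influenced data and has to be checked against the host-name grammar before it is handed to callers. The block below is an added example, not c-ares code: it applies RFC 1035 length limits and a label character set of this example's own choosing (alphanumerics, hyphen, and underscore for service-style records) to constructed answer records.

```javascript
// Added example: validating host names that arrive from an untrusted source
// (here, constructed DNS answer records) before passing them on to callers.
// The rules below are this example's own, not c-ares' code.

const MAX_NAME = 253;   // RFC 1035 limit on the textual form
const MAX_LABEL = 63;
// Letters, digits and hyphen per RFC 952/1123; underscore is tolerated
// because service-style records (_sip._tcp) use it. No whitespace, slashes,
// control characters or HTML metacharacters can get through.
const LABEL_RE = /^[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?$/;

function isValidHostname(name) {
  if (typeof name !== 'string') return false;
  const trimmed = name.endsWith('.') ? name.slice(0, -1) : name;   // allow FQDN dot
  if (trimmed.length === 0 || trimmed.length > MAX_NAME) return false;
  return trimmed.split('.').every(
    (label) => label.length > 0 && label.length <= MAX_LABEL && LABEL_RE.test(label)
  );
}

// Split a batch of answers into usable and rejected names so the caller can
// log what was dropped instead of silently consuming it.
function filterAnswers(answers) {
  const accepted = [];
  const rejected = [];
  for (const a of answers) {
    (isValidHostname(a.name) ? accepted : rejected).push(a.name);
  }
  return { accepted, rejected };
}

// Constructed sample answers: three well-formed names and four that carry
// characters a downstream consumer (shell, HTML, C string) would misread.
const SAMPLE_ANSWERS = [
  { type: 'CNAME', name: 'cdn.example.com.' },
  { type: 'PTR',   name: 'host-12.internal.example.net' },
  { type: 'SRV',   name: '_ldap._tcp.example.org' },
  { type: 'CNAME', name: 'login.example.com/../../etc' },   // slash injection
  { type: 'PTR',   name: 'evil host\u0000.example.com' },    // NUL and space
  { type: 'CNAME', name: '<script>alert(1)</script>.example' },
  { type: 'CNAME', name: 'a'.repeat(64) + '.example.com' },  // over-long label
];

console.log(filterAnswers(SAMPLE_ANSWERS));
```

Rejecting rather than "cleaning" a bad name is deliberate: stripping characters from a resolver answer would still hand the caller a name the server never returned.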
CNNVD
added 2021/08/16 12:00 a.m.

Online Catering Reservation System path traversal vulnerability

Online Catering Reservation System is an open source online catering reservation system. Online Catering Reservation System is vulnerable due to a lack of validation in index.php, leading to a directory traversal vulnerability. An attacker could use this vulnerability to obtain sensitive informati...

CVSS 7.5 · AI score 5.6 · EPSS 0.02252
Exploits: 1 · References: 5
UbuntuCve
added 2021/07/30 2:15 p.m.

CVE-2021-37594

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU...

CVSS 9.8 · AI score 7.2 · EPSS 0.01409
Exploits: 0 · References: 2
BDU FSTEC
added 2021/07/07 12:00 a.m.

Vulnerability in the qsvghandler.cpp component of the Qt cross-platform development framework, related to missing input validation, allows attackers to cause a denial of service.

The vulnerability in the qsvghandler.cpp component of the Qt cross-platform software development framework is related to the lack of an input validation mechanism. Exploiting this vulnerability allows an attacker to cause a denial of service by using a crafted SVG image...

CVSS 6.5 · AI score 6.6 · EPSS 0.02178
Exploits: 0 · References: 10 · Affected software: 3
ATTACKERKB
added 2021/07/02 4:05 p.m.

CVE-2021-23403

All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge function due to a lack of input validation...

CVSS 9.8 · AI score 5.3 · EPSS 0.01287
Exploits: 1 · References: 3
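A merge function pollutes the prototype when it walks every key of attacker-controlled JSON and recurses into target[key], because an own property literally named "__proto__" resolves to Object.prototype on the target. The block below is an added example written for this page, not ts-nodash's Merge: it shows that recursive pattern beside a hardened merge that skips the prototype-reaching keys and only recurses into own properties, and runs a constructed payload through both.

```javascript
// Added example (not ts-nodash's code): a recursive merge that copies keys
// from untrusted JSON without checking them, beside a hardened version.

// Vulnerable pattern: every enumerable key in `source` is walked, including
// an own property literally named "__proto__" that JSON.parse will create.
// target["__proto__"] is Object.prototype, so the recursion writes there.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened pattern: skip the keys that reach the prototype chain, iterate own
// keys only, and never recurse into a target slot that is merely inherited.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const existing = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      if (existing === null || typeof existing !== 'object' || Array.isArray(existing)) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker input, e.g. a JSON body merged into default settings.
const PAYLOAD = '{"name":"cfg","__proto__":{"isAdmin":true}}';

// Run the payload through both merges and report whether a fresh, unrelated
// object has gained the attacker's property. Global state is restored after
// the vulnerable run so the demo can be repeated.
function demonstrate() {
  unsafeMerge({}, JSON.parse(PAYLOAD));
  const unsafePolluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;

  const merged = safeMerge({ name: 'default', nested: { keep: 1 } }, JSON.parse(PAYLOAD));
  const safePolluted = ({}).isAdmin === true;
  return { unsafePolluted, safePolluted, merged };
}

console.log(demonstrate());
```

The check that the target slot is an own property matters as much as the key filter: without it, a key such as "toString" would find an inherited function on the target and the merge would start writing into it.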
BDU FSTEC
added 2021/07/02 12:00 a.m.

Vulnerability in the `add_probe` function of the `modutils/modprobe.c` file of the BusyBox UNIX utility suite, related to missing input validation, allows an attacker to compromise data integrity.

The vulnerability in the add_probe function of the modutils/modprobe.c file of the BusyBox command-line utility suite for UNIX systems is related to the lack of an input validation mechanism. Exploiting this vulnerability allows an attacker to compromise data integrity using the slash / as pa...

CVSS 5.5 · AI score 6.2 · EPSS 0.00635
Exploits: 2 · References: 8 · Affected software: 3
BDU FSTEC
added 2021/07/02 12:00 a.m.

Vulnerability in the ReadPSDLayersInternal function of the coders/psd.c component of the ImageMagick command-line image editing tool, related to missing input validation, allows attackers to cause a denial of service.

The vulnerability in the ReadPSDLayersInternal function of the coders/psd.c file of the ImageMagick command-line graphics editor is related to the lack of an input validation mechanism. Exploiting this vulnerability allows an attacker to cause a denial of service by using a specially crafted file...

CVSS 6.5 · AI score 6.7 · EPSS 0.01524
Exploits: 0 · References: 12 · Affected software: 3
OSV
added 2021/05/14 8:15 p.m.

PYSEC-2021-646

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.raw_ops.Conv3DBackprop* operations can result in heap buffer overflows. This is because the...

CVSS 7.8 · AI score 6 · EPSS 0.00224
Exploits: 1 · References: 2