22 matches found

CNNVD
added 3 days ago · 2 views

OFCMS SQL Injection Vulnerability

OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from the SQL injection in the Query function of the SystemDictController.java file within the JSON query interface...

CVSS 6.5 · AI score 6.7 · EPSS 0.00028
Exploits: 0 · References: 5

Vulnrichment
added 4 days ago · 4 views

CVE-2026-10203 OFCMS JSON Query SystemParamController.java query sql injection

A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...

CVSS 6.5 · AI score 6.4 · EPSS 0.00028
Exploits: 0 · References: 5

CVE
added 2025/12/03 4:26 p.m. · 13 views

CVE-2024-32641

Masa CMS (open source Enterprise Content Management) has a remote code execution vulnerability in addParam that processes the criteria input and is evaluated by setDynamicContent, enabling unauthenticated code execution via the m tag. Affected versions are before 7.2.8, 7.3.13, and 7.4.6. Patches...

CVSS 9.8 · AI score 8.3 · EPSS 0.01844
Exploits: 1 · References: 2 · Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2019-9462

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00241
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 10:09 a.m. · 3 views

CVE-2019-19869

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed unencrypted by using the IosHttp service and the JSON interface...

CVSS 7.5 · AI score 7 · EPSS 0.00241
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 9:55 p.m. · 5 views

CVE-2022-24788

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

CVSS 9.8 · AI score 6.8 · EPSS 0.00329
Exploits: 0 · References: 1

Positive Technologies
added 2024/03/15 12:00 a.m. · 1 view

PT-2025-6256 · Fortinet · Fortimanager

Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.4 through 7.6.1 FortiManager version 7.0 Description: The issue is related to the use of a hard-coded cryptographic key in the FortiManager interface, which can allow a remote attacker to disclose confidential...

CVSS 7.7 · AI score 7.1 · EPSS 0.00042
Exploits: 0 · References: 8

Github Security Blog
added 2022/04/20 8:31 p.m. · 33 views

Buffer Overflow in vyper

Impact: Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Patches: 0.3.2 as of https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b Workarounds: Use .vy...

CVSS 9.8 · AI score 2.2 · EPSS 0.00329
Exploits: 0 · References: 5 · Affected Software: 1

Prion
added 2022/04/13 7:15 p.m. · 12 views

Buffer overflow

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

CVSS 7.5 · AI score 9.5 · EPSS 0.00329
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2022/04/13 7:15 p.m. · 1 view

PYSEC-2022-197

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

CVSS 9.8 · AI score 6 · EPSS 0.00329
Exploits: 0 · References: 2

Cvelist
added 2022/04/13 6:30 p.m. · 13 views

CVE-2022-24788 Buffer overflow in Vyper

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

CVSS 7.1 · AI score 9.8 · EPSS 0.00329
Exploits: 0 · References: 2

OSV
added 2022/04/13 6:30 p.m. · 15 views

CVE-2022-24788 Buffer overflow in Vyper

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...

CVSS 7.1 · AI score 9.3 · EPSS 0.00329
Exploits: 0 · References: 4

CNNVD
added 2022/04/13 12:00 a.m. · 2 views

Vyper Buffer Error Vulnerability

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper before 0.3.2, which stems from the fact that importing a function from a JSON interface that returns bytes generates bytecode with an unlimited byte length, potentially resulting in a buffer overflow...

CVSS 9.8 · AI score 8.8 · EPSS 0.00329
Exploits: 0 · References: 4

NVD
added 2020/11/27 3:15 p.m. · 12 views

CVE-2019-19869

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed unencrypted by using the IosHttp service and the JSON interface...

CVSS 7.5 · AI score 7.5 · EPSS 0.00241
Exploits: 0 · References: 1

OSV
added 2020/11/27 3:15 p.m. · 1 view

CVE-2019-19869

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed unencrypted by using the IosHttp service and the JSON interface...

CVSS 7.5 · AI score 7.1
Exploits: 0 · References: 1

Prion
added 2020/11/27 3:15 p.m. · 10 views

Design/Logic Flaw

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed unencrypted by using the IosHttp service and the JSON interface...

CVSS 5 · AI score 7.5 · EPSS 0.00241
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2020/11/27 2:06 p.m. · 44 views

CVE-2019-19869

CVE-2019-19869 affects B&R Industrial Automation APROL (before R4.2 V7.08). The issue allows PVs to be changed via the IosHttp service and JSON interface in unencrypted form, impacting data integrity. No explicit exploit details or in-wild exploitation are provided in the documents. Remediation/v...

CVSS 7.5 · AI score 7.5 · EPSS 0.00241
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2020/11/27 2:06 p.m. · 7 views

CVE-2019-19869

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed unencrypted by using the IosHttp service and the JSON interface...

AI score 7.5 · EPSS 0.00241
Exploits: 0 · References: 1

CNNVD
added 2020/11/27 12:00 a.m. · 1 view

B&r Automation APROL Security Breach

B&r Automation B&r Automation APROL is a Linux-based process control system for industrial control applications from Australian company B&r Automation. A security vulnerability exists in B&R Industrial Automation APROL versions prior to R4.2 V7.08, which originates from the ability to alter...

CVSS 7.5 · AI score 7.1 · EPSS 0.00241
Exploits: 0 · References: 2

OSV
added 2016/08/03 1:59 a.m. · 1 view

CVE-2016-5668

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 2