251 matches found
GHSA-QCW2-492V-57XJ usememos/memos missing Secure cookie attribute
usememos/memos is an open-source, self-hosted memo hub with knowledge management and socialization. Memos prior to 0.9.0 is missing the Secure cookie attribute, making it vulnerable to session hijacking...
memos 授权问题漏洞
memos is an open source hosted memo center with knowledge management and social features. An authorization issue vulnerability exists in versions of memos prior to 0.9.0 that stems from incorrect authentication...
memos 安全漏洞
memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.0, which stems from incorrect use of privileged APIs...
Oracle E-Business Cross-Site Scripting (CVE-2021-2198)
A stored cross-site scripting vulnerability exists in the Knowledge Management component of Oracle E-Business Suite. The vulnerability is due to the use of untrusted user input...
Bruhn NewTech CBRN-Analysis 代码问题漏洞
Bruhn NewTech CBRN-Analysis is an advanced, off-the-shelf CBRN defense knowledge management software application from Bruhn NewTech. It provides knowledge management, hazard prediction, and warning and reporting W&R capabilities to support operational planning and execution. A security...
Shenzhen Lanning Software Co., Ltd. has SQL injection vulnerability in Lanning Intelligent Collaboration Platform
Shenzhen Lailing Software Co., Ltd. is a well-known large platform OA service provider and a leading knowledge management solution provider in China. It is a national high-tech enterprise specializing in knowledge-based consulting, software development, implementation and technical services for...
Command Execution Vulnerability in Atlassian Confluence Server and Data Center
Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise WiKi. A command execution vulnerability exists in Atlassian Confluence Server and Data Center that could...
Atlassian Confluence Server权限提升漏洞
Atlassian Confluence Server is a server version of Atlassian Australia's suite of collaborative software with enterprise knowledge management capabilities and support for building enterprise WiKi. An elevation of privilege vulnerability exists in Atlassian Confluence Server, which stems from an...
MediaWiki Cross-Site Scripting Vulnerability (CNVD-2022-08321)
MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki 1.37 and earlier versions. The vulnerability...
OrbiTeam BSCW Server XSS / LFI / User Enumeration Vulnerabilities
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross site scripting, HTTP header, session object manipulation, local file inclusion, and user enumeration vulnerabilities...
MediaWiki Denial of Service Vulnerability (CNVD-2022-05528)
MediaWiki is a free and free-to-use web-based wiki engine from the US-based Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.MediaWiki has a denial of service vulnerability in versions prior to 1.36.2, which stems from...
CVE-2021-37531
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...
Design/Logic Flaw
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...
CVE-2021-37531
SAP NetWeaver Knowledge Management XML Forms (versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50) is affected by an XSLT processing vulnerability that allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet containing OS-level commands, place it where the system can access...
SAP NetWeaver Knowledge Management Configuration Service 操作系统命令注入漏洞
SAP NetWeaver Knowledge Management Configuration Service is a knowledge management solution configuration service from SAP, Germany. An operating system command injection vulnerability exists in SAP NetWeaver Knowledge Management XML Forms versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, which allows...
SQL Injection Vulnerability in Panmicro e-cology (CNVD-2021-73908)
Panmicro Collaborative Management Application Platform e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management and...
CVE-2021-33707
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity...
Code injection
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity...
CVE-2021-33707
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity...
CVE-2021-33707
SAP NetWeaver Knowledge Management is affected by CVE-2021-33707, a URL-redirection flaw where a stored URL in a component enables remote attackers to redirect users to arbitrary sites and conduct phishing, compromising confidentiality and integrity. The vulnerability is described across multiple...