238 matches found
EUVD-2024-36639
Malicious code in bioql PyPI...
EUVD-2024-25313
Malicious code in bioql PyPI...
EUVD-2022-38138
Malicious code in bioql PyPI...
ebram_web_scanner
EBRAM Web Scanner EBRAM Web Scanner is a powerful Python-ba...
CVE-2024-28192
yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless if a public token has been generated befo...
CVE-2024-50672
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in...
CVE-2024-48573
A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature...
CVE-2023-28359
A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the...
CVE-2021-20736
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors...
CVE-2020-35847
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function...
CVE-2020-35846
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function...
CVE-2020-35666
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedosbase.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id$ne=1 value...
CVE-2020-35848
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function...
Exploit for CVE-2024-53900
CTF Challenge - Mongoose RCE CVE-2024-53900 Challenge Overvie...
CVE-2024-50672
Summary: CVE-2024-50672 affects Adapt Learning Adapt Authoring Tool versions <= 0.11.3. A NoSQL injection flaw arises from insufficient input validation, where attacker-controlled input is used in a Mongoose find() query. This can allow unauthenticated users to reset passwords for regular and ...
Adapt Authoring Tool Security Vulnerability
Adapt Authoring Tool is a free and easy-to-use eLearning authoring tool from Adapt Learning open source. A security vulnerability exists in Adapt Authoring Tool that stems from the inclusion of a NoSQL injection vulnerability. An unauthenticated attacker can reset user and administrator account...