35 matches found
CVE-2026-2676
A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to improper authorization. The attack may be...
CVE-2026-2676 GoogTech sms-ssm API LoginInterceptor.java preHandle improper authorization
A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to improper authorization. The attack may be...
sms-ssm authorization vulnerability
SMS-SSM is a student management system personally developed by HackHuang. There are authorization-related vulnerabilities in SMS-SSM; these vulnerabilities stem from improper authorization in the preHandle function within the LoginInterceptor.java file...
EUVD-2024-54909
Malicious code in bioql PyPI...
EUVD-2024-54900
Malicious code in bioql PyPI...
EUVD-2024-54891
Malicious code in bioql PyPI...
CVE-2024-46412
Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location...
Rebuild security vulnerability
Rebuild is a highly customizable enterprise management system from getrebuild open source. A security vulnerability exists in Rebuild version v3.7.7, which stems from improper access control in the prehandle function and could lead to bypassing authentication via a specially crafted GET request...
CVE-2024-46412
CVE-2024-46412 affects Rebuild v3.7.7. The issue is an incorrect access control in the prehandle function, allowing an attacker to bypass authentication by sending a crafted GET request to /commons/ip-location. Public sources in the connected documents corroborate this description across Red Hat ...
CVE-2024-50640
jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function...
CVE-2024-57491
An authentication bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker to access sensitive APIs without any token via the preHandle function...
CVE-2024-53495
CVE-2024-53495 affects my-site v1.0.2.RELEASE. The root cause is incorrect access control in the preHandle function, permitting access to sensitive components without authentication. The vulnerability is rated CVSS v3.1 base score 7.5 (HIGH) with network attack vector, low exploit complexity, and...
CVE-2024-57152
Summary: CVE-2024-57152 affects my-site v1.0.2 due to incorrect access control in the preHandle function of the cn.luischen.interceptor.BaseInterceptor class, enabling unauthenticated access to sensitive components. The CVSS v3.1 base score is 7.5 (HIGH); attack vector is NETWORK, with LOW attack...
CVE-2024-57491
CVE-2024-57491 affects jobx (up to v1.0.1-RELEASE). The vulnerability is an authentication bypass in the preHandle function, allowing access to sensitive APIs without a token. CVSSv3.1 base score 8.8 (HIGH) with network attack vector, low attack complexity, no privileges required, user interactio...
CVE-2024-50640
CVE-2024-50640 affects jeewx-boot 1.3, with an authentication bypass in the preHandle function. Root cause: bypasses authentication logic in preHandle. CVSSv3.1 base score 9.8 (CRITICAL) - Network attack, no user interaction, high confidentiality/integrity/availability impact. No patch/fix versio...