20 matches found
CVE-2026-5563
A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...
CVE-2026-5563 AutohomeCorp frostmourne Alarm Preview previewData httpTest sql injection
A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...
CVE-2026-5563
CVE-2026-5563 affects AutohomeCorp frostmourne up to 1.0. The flaw is in the Alarm Preview component, specifically the function httpTest in /api/monitor-api/alarm/previewData, leading to a SQL injection . Exploitation is remote over the network and the exploit is publicly released. CVSS metrics i...
PT-2026-30433
A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...
Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata
Summary An authenticated low-privileged user can call assets/preview-file for an asset they are not authorized to view and still receive preview response data previewHtml for that private asset. The returned preview HTML included a private preview image route containing the target private assetId...
CVE-2026-32137
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
CVE-2026-32137
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
CVE-2026-32137 DataEase SQL Injection Vulnerability
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
CVE-2026-32137 DataEase SQL Injection Vulnerability
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
EUVD-2026-11647
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
CVE-2026-32137
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
CVE-2026-32137 DataEase SQL Injection Vulnerability
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
PT-2026-25034
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...
WordPress plugin NotificationX has a cross-site scripting vulnerability.
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2019-11157
Malware in sbrugna...
PT-2024-18440 · WordPress · Arforms Form Builder
Name of the Vulnerable Software and Affected Versions: ARForms Form Builder plugin for WordPress versions up to, and including, 1.6.4 Description: The issue is related to a missing capability check on the arflite remove preview data function, allowing authenticated attackers with subscriber acces...
Apple macOS Monterey 权限许可和访问控制问题漏洞
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey versions 12.0 21A344 - 12.3.1 21E258 suffer from a Permission Granting and Access Control Issue vulnerability that stems from a plug-in that may be able to inherit...
Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-30403)
Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An unspecified vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to obtain preview data of recently used applications...
CVE-2019-20617
An issue was discovered on Samsung mobile devices with P9.0 software. Secure Folder leaks preview data of recent apps. The Samsung ID is SVE-2018-13764 March 2019...
Remote code execution
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...