742 matches found
PT-2025-20315 · Nginx +10
Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.14, 3.0.16, and 3.1.14 Description: Rack is a modular Ruby web server interface. The Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any...
CVE-2023-37534
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters...
CVE-2023-37534 HCL Leap is affected by a Cross-site scripting (XSS) vulnerability
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters...
HCL Leap security vulnerability
HCL Leap is a low-code development platform from the Indian company HCL. HCL Leap contains a security vulnerability that stems from insufficient whitelisting of URI protocols, which allows scripts to be injected via query parameters...
WeGIA SQL Injection Vulnerability (CNVD-2025-22280)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from query parameters not being validated before externally supplied input reaches SQL statements. An attacker can exploit this vulnerability to execute arbitrary SQL commands to steal sensitive...
Incorrect Authorization
Overview org.webjars.npm:vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Incorrect Authorization due to missing checks in transformMiddleware which ignore certain query parameters. An attacker can access unauthorized files by including a ?raw?? ...
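The vite entry above describes a class of bug worth seeing in code: the access check and the file loader strip the query string with different rules, so a query shape the check does not recognise still reaches the loader. The following is an added example written for this page, not Vite's code; the project root, the in-memory file set, the deny list and the "?raw" marker are all constructed assumptions standing in for a dev server that serves files under a project directory.

```python
import re
from posixpath import normpath
from urllib.parse import urlsplit

# Constructed in-memory "project directory" standing in for a dev server root.
PROJECT_ROOT = "/srv/app"
FILES = {
    "/srv/app/index.html": "<html>hello</html>",
    "/srv/app/.env": "DB_PASSWORD=hunter2",
}
DENY = {"/srv/app/.env"}  # assumed deny list (think server.fs.deny style)

DENIED = "403 Forbidden"
NOT_FOUND = "404 Not Found"

# Assumed marker meaning "serve the file verbatim"; only an exact '?raw'
# suffix is recognised, which is the weakness the vulnerable path relies on.
RAW_SUFFIX_RE = re.compile(r"\?raw$")


def _fs_path(url_path: str) -> str:
    """Map a URL path onto the project root, collapsing '..' and '//'."""
    return normpath(PROJECT_ROOT + "/" + url_path.lstrip("/"))


def _read(fs_path: str) -> str:
    return FILES.get(fs_path, NOT_FOUND)


def serve_vulnerable(url: str) -> str:
    """Check and loader disagree about what the path is.

    The check strips only a trailing '?raw', so '/.env?raw??' is compared
    against the deny list as the literal path '/.env?raw??' (no match).
    The loader strips everything after the first '?' and reads '/.env'.
    """
    checked = _fs_path(RAW_SUFFIX_RE.sub("", url))
    if checked in DENY:
        return DENIED
    loaded = _fs_path(url.split("?", 1)[0])  # different stripping rule
    return _read(loaded)


def serve_fixed(url: str) -> str:
    """Parse the URL once with a real parser, resolve the path once, and use
    that single resolved path for both the deny check and the read, so no
    query string shape can make the two disagree. Also refuse anything that
    resolves outside the project root."""
    fs_path = _fs_path(urlsplit(url).path)
    if not fs_path.startswith(PROJECT_ROOT + "/") or fs_path in DENY:
        return DENIED
    return _read(fs_path)
```

The point is not the specific regex but the structure: whenever a deny check and a loader each derive "the path" from the raw URL independently, every difference between their derivations is an attacker-controlled input to the check.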
CVE-2024-9016
man-group dtale version = 3.13.1 contains a vulnerability where the query parameters from the request are directly passed into the runquery function without proper sanitization. This allows for unauthenticated remote command execution via the df.query method when the query engine is set to 'pytho...
CVE-2024-9016
Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45595. Notes: All CVE users should reference CVE-2024-45595 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...
CVE-2024-9016
CVE-2024-9016 affects D-Tale (Man Group) for Pandas data structures, where versions
Linux Distros Unpatched Vulnerability : CVE-2022-2880
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could...
USN-7290-1 rails vulnerabilities
It was discovered that Rails did not correctly handle parsing block formats in email service layers. An attacker could possibly use this issue to cause a denial of service. CVE-2024-47889 It was discovered that Rails did not correctly handle parsing block quotes in rich text content. An attacker...
OESA-2025-1052 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...
USN-7158-1 smarty3 vulnerabilities
It was discovered that Smarty incorrectly handled query parameters in requests. An attacker could possibly use this issue to inject arbitrary Javascript code, resulting in denial of service or potential execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubun...
WordPress plugin Comfino Payment Gateway cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin for that platform. WordPress plugin Comfino Payment Gateway...
PT-2024-16612 · WordPress · Forumwp
Name of the Vulnerable Software and Affected Versions: ForumWP – Forum & Discussion Board plugin for WordPress versions up to, and including, 2.1.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate escaping...
Vulnerability in the JetBrains YouTrack project and task management software caused by a missing authentication step that should prevent unauthorized access to protected information.
The vulnerability in the JetBrains YouTrack project and task management software lies in the absence of an authentication check when processing query parameters. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure through the logrequest function. This function recorded sensitive information from the query parameters without proper sanitization. Remediation Upgrade jupyter-server to version 1.23.6, 2.3.0 or higher. Reference...
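The jupyter-server entry above is the logging side of the same theme: a request logger that writes the raw request line, query string included, will persist whatever secrets the query carried. The following is an added example written for this page, not jupyter-server's code; the advisory does not say which parameters were exposed, so the list of sensitive parameter names and the sample request lines are this example's own assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed set of query parameter names whose values must never reach a log.
# The advisory names none; these are illustrative choices for this example.
SENSITIVE_PARAMS = frozenset({"token", "password", "access_token", "key"})
REDACTED = "REDACTED"


def redact_query(url: str) -> str:
    """Return `url` with the values of sensitive query parameters replaced.

    The URL is parsed with urlsplit rather than string-searched, so a
    sensitive name is matched as a whole parameter key (case-insensitively)
    and the rest of the query, path, scheme and host pass through unchanged.
    """
    parts = urlsplit(url)
    if not parts.query:
        return url
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [
        (k, REDACTED if k.lower() in SENSITIVE_PARAMS else v) for k, v in pairs
    ]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def log_request_vulnerable(method: str, url: str) -> str:
    """The pattern the advisory describes: the request line, query and all,
    goes straight into the log line."""
    return f"{method} {url}"


def log_request_fixed(method: str, url: str) -> str:
    """Same log line, but the query is redacted before it is recorded."""
    return f"{method} {redact_query(url)}"


if __name__ == "__main__":
    # Constructed sample request, not captured traffic.
    sample = "http://localhost:8888/api/kernels?token=abc123&foo=bar"
    print(log_request_vulnerable("GET", sample))
    print(log_request_fixed("GET", sample))
```

Redacting at the point where the log line is built, rather than relying on callers to pre-clean URLs, is what keeps a later code path (a new handler, a debug setting) from reintroducing the leak.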