Positive Technologies
added 2024/03/07 12:00 a.m. · 3 views

PT-2024-20374 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: Jfinalcms version 5.0.0 Description: A SQL injection issue allows a remote attacker to obtain sensitive information. The issue is related to the /admin/admin API endpoint, specifically the name parameter. Recommendations: For Jfinalcms versio...

CVSS 7.5 · AI score 7.6 · EPSS 0.00069
Exploits 1 · References 3
BDU FSTEC
added 2024/03/07 12:00 a.m. · 1 view

The vulnerability of the QTS, QuTS hero, and QuTScloud operating systems for QNAP network devices arises from improper restriction of a pathname to a restricted directory. This allows attackers to disclose protected information.

The vulnerability of the QTS, QuTS hero, and QuTScloud operating systems for QNAP network devices is related to improper restriction of a pathname to a restricted directory. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

CVSS 7.8 · AI score 7.1 · EPSS 0.00171
Exploits 0 · References 2
OSV
added 2024/03/06 10:56 a.m. · 9 views

BIT-MASTODON-2023-42450 Mastodon Server-Side Request Forgery vulnerability

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...

CVSS 7.5 · AI score 7.5 · EPSS 0.00376
Exploits 0 · References 3
Vulnrichment
added 2024/03/01 12:00 a.m. · 11 views

CVE-2023-46950

Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions...

AI score 6 · EPSS 0.00266
Exploits 2 · References 4
CNNVD
added 2024/02/29 12:00 a.m. · 3 views

IBM Security Guardium Code Issue Vulnerability

IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as a custom UI, report management, and streamlined audit process building. IBM Security Guardium Key Lifecycle Manager suffers from an...

CVSS 8.2 · AI score 5.6 · EPSS 0.00158
Exploits 0 · References 3
BDU FSTEC
added 2024/02/27 12:00 a.m. · 1 view

The vulnerability of Microsoft Edge browser, related to the lack of protection for service data, allows attackers to disclose protected information.

The vulnerability of Microsoft Edge relates to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...

CVSS 8.5 · AI score 7.4 · EPSS 0.00207
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/02/23 7:15 p.m. · 3 views

CVE-2022-43842

IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079...

CVSS 9.1 · AI score 5.8 · EPSS 0.00034
Exploits 0 · References 2
Positive Technologies
added 2024/02/15 12:00 a.m. · 4 views

PT-2024-15314 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: In the setParameter function of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote informati...

CVSS 7.5 · AI score 6.8 · EPSS 0.18373
Exploits 0 · References 6
BDU FSTEC
added 2024/02/14 12:00 a.m. · 2 views

The vulnerability of Airflow, software used for creating, monitoring, and orchestrating data processing scripts, lies in authentication errors that allow attackers to modify arbitrary data.

The vulnerability of Airflow, software used for creating, monitoring, and orchestrating data processing scripts, is related to authentication errors. Exploiting this vulnerability allows a malicious actor to modify arbitrary data remotely...

CVSS 4.3 · AI score 5.5 · EPSS 0.00131
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/02/07 12:00 a.m. · 1 view

The vulnerability of the Setup sub-component, part of the Admin component in Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, allows an attacker to gain access to read, modify, add, or delete data.

The vulnerability of the Setup sub-component and the Admin component of Oracle Knowledge Management, a system for automating business processes within the Oracle E-Business Suite, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating...

CVSS 6.4 · AI score 6.8 · EPSS 0.00291
Exploits 0 · References 3 · Affected Software 2
CNNVD
added 2024/02/02 12:00 a.m. · 3 views

XunRuiCMS Security Vulnerability

XunRuiCMS (XunRui CMS) is an open source content management system (CMS). A cross-site scripting vulnerability exists in XunRuiCMS v4.6.2 and earlier versions. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by remo...

CVSS 6.1 · AI score 6 · EPSS 0.00053
Exploits 1 · References 2
BDU FSTEC
added 2024/01/31 12:00 a.m. · 1 view

The vulnerability of the Autofill function in Microsoft Edge and Google Chrome browsers allows attackers to compromise data integrity.

The vulnerability of the Autofill function in Microsoft Edge and Google Chrome browsers is related to improper security checks for standard elements. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...

CVSS 5 · AI score 5.4 · EPSS 0.00041
Exploits 0 · References 14 · Affected Software 6
CNNVD
added 2024/01/29 12:00 a.m. · 1 view

MachineSense FeverWarn Access Control Error Vulnerability

MachineSense FeverWarn is a temperature detection device from MachineSense. MachineSense FeverWarn suffers from an access control error vulnerability that stems from improperly protected application programming interfaces (APIs) that can be accessed without authentication. A remote attacker can retrieve and...

CVSS 10 · AI score 6.7 · EPSS 0.0032
Exploits 0 · References 5
Prion
added 2024/01/24 12:15 a.m. · 13 views

Server-side request forgery (SSRF)

Label Studio, an open source data labeling tool, had a remote import feature that allowed users to import data from a remote web source, which was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could have been abused to download an HTML file that executed malicious...

CVSS 5.8 · AI score 7.2 · EPSS 0.00145
Exploits 0 · References 4 · Affected Software 1
PyPA
added 2024/01/24 12:15 a.m. · 6 views

PYSEC-2024-128

Label Studio, an open source data labeling tool, had a remote import feature that allowed users to import data from a remote web source, which was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could have been abused to download an HTML file that executed malicious...

CVSS 6.1 · AI score 7.2 · EPSS 0.00145
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2024/01/24 12:00 a.m. · 1 view

The vulnerability of the "Engineering Change Order" sub-component of the Oracle Installed Base component in the Oracle E-Business Suite system allows a malicious actor to gain access to read, modify, add, or delete data.

The vulnerability of the Engineering Change Order component of the Oracle Installed Base component in the Oracle E-Business Suite system exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...

CVSS 6.4 · AI score 6.8 · EPSS 0.00333
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2024/01/22 12:00 a.m. · 1 view

The vulnerability of the Hotspot component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows an attacker to gain access to read, modify, or delete data.

The vulnerability of the Hotspot component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read,...

CVSS 7.4 · AI score 6.6 · EPSS 0.00235
Exploits 0 · References 8 · Affected Software 8
RedHat Linux
added 2024/01/17 7:14 p.m. · 2 views

OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)

This difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. Successful attacks on this vulnerability can result in unauthorized creation, deletion or...

CVSS 7.4 · AI score 7.2 · EPSS 0.00235
Exploits 0 · References 5
BDU FSTEC
added 2024/01/17 12:00 a.m. · 1 view

The vulnerability of the Host KVM Daemon on the BMC (Baseboard Management Controller) of the NVIDIA DGX A100 server allows an attacker to gain access to read, modify, or delete data, execute arbitrary code, or cause a service failure.

The vulnerability of the Host KVM Daemon on the BMC (Baseboard Management Controller) of the NVIDIA DGX A100 server lies in data being written outside the bounds of a memory buffer. Exploiting this vulnerability allows an attacker to gain access to read, modify, or delete data, execute arbitrary...

CVSS 9.3 · AI score 8.2 · EPSS 0.0018
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/01/17 12:00 a.m. · 2 views

Hathway Router CM5100 Cross-Site Scripting Vulnerability

Hathway Router is a router from Hathway India. The Hathway Router CM5100 is affected by multiple cross-site scripting vulnerabilities, which could allow a remote attacker to perform a stored cross-site scripting (XSS) attack, obtain sensitive information,...

CVSS 6.9 · AI score 6.1 · EPSS 0.00036
Exploits 0 · References 3