485 matches found
CVE-2026-42147
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...
CVE-2026-37590
SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/managerent.php...
SourceCodester Storage Unit Rental Management System 安全漏洞
The SourceCodester Storage Unit Rental Management System is an open-source system developed by SourceCodester, designed to help manage rental records for storage units and monitor those records. Version 1.0 of the SourceCodester Storage Unit Rental Management System contains a security...
CVE-2026-37589
SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in /storage/admin/maintenance/manage_storage_unit.php. The CVE entry (CVE-2026-37589) is corroborated by multiple sources (NVD, ENISA EUVD, CVE List, AttackersKB, CVE enrichment) indicating a SQL injection fl...
CVE-2026-3750
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side...
CVE-2026-3750
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side...
CVE-2026-3750 ContiNew Admin Storage Management S3ClientFactory.java URI.create server-side request forgery
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side...
CVE-2026-3750 ContiNew Admin Storage Management S3ClientFactory.java URI.create server-side request forgery
A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module. The manipulation leads to server-side...
CVE-2026-3750
CVE-2026-3750 affects ContiNew Admin up to 4.2.0; the vulnerability lies in the function URI.create in continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the Storage Management Module, enabling server-side request forgery. The issue can be exploited remotely (...
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...
CVE-2022-42250
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/viewdetails.php?id=...
CVE-2022-42243
Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/managestorage.php?id=...
CVE-2022-42230
Simple Cold Storage Management System v1.0 is vulnerable to SQL Injection via /csms/admin/?page=user/manageuser=...
CVE-2025-68919
Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express DX / AF Management Software before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect system confidentiality, integrity, and...
CVE-2025-13813
A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...
CVE-2025-13813
A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...
EUVD-2025-199958
A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...
CVE-2025-13813 moxi159753 Mogu Blog v2 Storage Management Endpoint storage authorization
A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...
Mogu blog 安全漏洞
Mogu blog 蘑菇博客 is a micro-architecture based front-end and back-end shared blogging system by individual developers in Streamlet, China. A security vulnerability exists in Mogu blog v2 5.2 and earlier versions, which originates from a lack of authorization checking in the file /storage/ in the...
PT-2025-48416
Name of the Vulnerable Software and Affected Versions moxi159753 Mogu Blog versions up to 5.2 Description A flaw exists in the Storage Management Endpoint component of moxi159753 Mogu Blog. The issue involves unauthorized processing of the /storage/ file, leading to a missing authorization check...