Lucene search

282 matches found

OSV
added 2026/02/08 8:15 a.m., 4 views

CVE-2026-2141

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...

8.8 CVSS, 5.3 AI score, 0.00362 EPSS
Exploits: 1, References: 4

NVD
added 2026/02/08 8:15 a.m., 5 views

CVE-2026-2141

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...

8.8 CVSS, 0.00362 EPSS
Exploits: 1, References: 4

Cvelist
added 2026/02/08 7:32 a.m., 31 views

CVE-2026-2141 WuKongOpenSource WukongCRM URL PermissionServiceImpl.java improper authorization

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization...

6.5 CVSS, 0.00362 EPSS
Exploits: 1, References: 4

CNNVD
added 2026/02/08 12:0 a.m., 7 views

WukongCRM Authorization Issue Vulnerability

WukongCRM is a Customer Relationship Management (CRM) system developed by Wukong Corporation in China. Versions of WukongCRM 11.3.3 and earlier contained an authorization vulnerability. This vulnerability stemmed from incorrect handling of a file in the component’s URL Handler, specifically the...

8.8 CVSS, 6.6 AI score, 0.00362 EPSS
Exploits: 1, References: 5

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.232.b09-1.AXS4 (AXSA:2019-4356:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4356:04 advisory. OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) OpenJDK: Unexpected exception thrown during regular...

6.8 CVSS, 6.8 AI score, 0.03749 EPSS
Exploits: 0, References: 15

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.232.b09-0.el7 (AXSA:2019-4346:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4346:06 advisory. OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) OpenJDK: Unexpected exception thrown during regular...

6.8 CVSS, 6.8 AI score, 0.03749 EPSS
Exploits: 0, References: 15

RedhatCVE
added 2026/01/06 6:5 p.m., 11 views

CVE-2025-55204

muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution (RCE) vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...

8.8 CVSS, 7.1 AI score, 0.00578 EPSS
Exploits: 1, References: 1

Snyk
added 2025/12/11 2:42 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the downloadFile function in the URL handler component. An attacker can access internal resources or services by supplying crafted URLs. Remediation: There is no fixed version for com.yalantis:ucrop...

8.8 CVSS, 6.9 AI score, 0.00388 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2025/12/11 2:2 p.m., 6 views

CVE-2025-14516 Yalantis uCrop URL com.yalantis.ucrop.task.BitmapLoadTask.java downloadFile server-side request forgery

A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. The...

6.5 CVSS, 6.4 AI score, 0.00388 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/11/18 8:6 a.m., 2 views

CVE-2025-13268

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can b...

6.5 CVSS, 6.5 AI score, 0.00236 EPSS
Exploits: 0, References: 1

OSV
added 2025/11/17 8:16 a.m., 2 views

CVE-2025-13268

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can b...

5.3 CVSS, 6.3 AI score, 0.00236 EPSS
Exploits: 0, References: 4

NVD
added 2025/11/17 8:16 a.m., 1 view

CVE-2025-13268

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can b...

6.5 CVSS, 0.00236 EPSS
Exploits: 0, References: 4

Cvelist
added 2025/11/17 7:2 a.m., 9 views

CVE-2025-13268 Dromara dataCompare JDBC URL DbconfigServiceImpl.java DbConfig injection

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can b...

6.5 CVSS, 0.00236 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2025/11/17 7:2 a.m., 1 view

CVE-2025-13268 Dromara dataCompare JDBC URL DbconfigServiceImpl.java DbConfig injection

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can b...

6.5 CVSS, 6.3 AI score, 0.00236 EPSS
Exploits: 0, References: 4

CVE
added 2025/11/17 7:2 a.m., 8 views

CVE-2025-13268

CVE-2025-13268 affects Dromara dataCompare up to 1.0.1, targeting the JDBC URL Handler component. The root cause is an issue in the DbConfig function of DbconfigServiceImpl.java that can be exploited to perform injection remotely. Multiple sources verify the vulnerability and note that an exploit...

6.5 CVSS, 6.3 AI score, 0.00236 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2025/11/17 12:0 a.m., 4 views

PT-2025-47128

Name of the Vulnerable Software and Affected Versions: Dromara dataCompare versions up to 1.0.1. Description: A flaw exists in Dromara dataCompare related to the JDBC URL Handler component. The issue resides within the DbConfig function of the file...

6.5 CVSS, 6.2 AI score, 0.00236 EPSS
Exploits: 0, References: 7

NVD
added 2025/10/12 10:15 p.m., 3 views

CVE-2025-11648

A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TFFQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of this nature are high...

7.4 CVSS, 0.00416 EPSS
Exploits: 1, References: 4

CNNVD
added 2025/10/12 12:0 a.m., 4 views

Tomofun Furbo 360 and Tomofun Furbo Mini Code Issue Vulnerability

Tomofun Furbo 360 and Tomofun Furbo Mini are both smart pet cameras from Tomofun Corporation of Taiwan, China. A code issue vulnerability exists in Tomofun Furbo 360 FB0035FW036 and earlier versions and Tomofun Furbo Mini MC0020FW074 and earlier versions, which stems from a flaw in the GATT...

7.4 CVSS, 5.8 AI score, 0.00416 EPSS
Exploits: 1, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2002-0978

Malware in sbrugna...

7.5 CVSS, 6.1 AI score, 0.0319 EPSS
Exploits: 1, References: 21

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-10774

Malware in sbrugna...

8.3 CVSS, 6.9 AI score, 0.00554 EPSS
Exploits: 0, References: 2