224 matches found
lila 安全漏洞
lila is an ad-free and open source chess server from Lichess Open Source. A security vulnerability exists in lila, which stems from the unvalidated direct passing of the players parameter in the game export API, which could lead to server-side request forgery...
ZenTao多款产品 安全漏洞
ZenTao Biz and others are a project management software from the Chinese company ZenTao. A security vulnerability exists in several ZenTao products, which stems from insufficient validation of the parameter account in the file /zentao/user-login.html, which could lead to an SQL injection attack...
TechStore Pro 安全漏洞
TechStore Pro is an e-commerce platform for nooncarlett individual developers. A security vulnerability exists in TechStore Pro version 1.0, which stems from an unvalidated parameter q in the /searchresults endpoint that could lead to a cross-site scripting attack...
CVE-2025-54941
An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...
CVE-2025-64116
Movary (a web app for tracking and exploring movie watch history) is affected by CVE-2025-64116. Prior to version 0.69.0, the login page accepts a redirect parameter without validation, enabling open redirect to arbitrary external sites. The issue is fixed in 0.69.0. Affected components: login/re...
CVE-2025-64116 Movary vulnerable to an open redirect
Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0...
GHSA-V3C9-J6H9-66V4 Apache Airflow has a command injection vulnerability in "example_dag_decorator"
An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...
CVE-2025-54941 Apache Airflow: Command injection in "example_dag_decorator"
An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...
CVE-2025-54941
The CVE-2025-54941 issue affects Apache Airflow, specifically the example_dag_decorator parameter handling. A non-validated parameter in the example DAG allowed a UI user to redirect to a malicious server and execute code on a worker, but exploitation requires that example DAGs are enabled in pro...
Zucchetti Ad Hoc Infinity 安全漏洞
Zucchetti Ad Hoc Infinity is an ERP software from Zucchetti. A security vulnerability exists in Zucchetti Ad Hoc Infinity 4.2 and earlier versions, which stems from an unvalidated pHtmlSource parameter that could lead to a cross-site scripting attack...
Zucchetti Ad Hoc Revolution 安全漏洞
Zucchetti Ad Hoc Revolution is a business data processing system from Zucchetti, Italy. A security vulnerability exists in Zucchetti Ad Hoc Revolution 4.1 and earlier versions, which stems from an unvalidated pHtmlSource parameter that could lead to a cross-site scripting attack...
CSZ-CMS 安全漏洞
CSZ-CMS is a PHP-based open source content management system CMS from CSZ-CMS Open Source. A security vulnerability exists in CSZ-CMS 1.3.0 and prior versions, which stems from an unvalidated field parameter in the form view function, which could lead to an SQL injection attack...
Clear2Pay Bank Visibility Application - Payment Execution 安全漏洞
Clear2Pay Bank Visibility Application - Payment Execution is a financial software component from Clear2Pay Belgium. A security vulnerability exists in Clear2Pay Bank Visibility Application - Payment Execution version 1.10.0.104, which originates from an unvalidated ID parameter in the URL and cou...
WordPress plugin PixelYourSite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
ChanCMS /cms/model/hasUse File SQL Injection Vulnerability
ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter ID in the file /cms/model/hasUse for externally entered SQL statements. An attacker can exploit this vulnerability to...
ChanCMS /cms/article/update file SQL injection vulnerability
ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter cid in the file /cms/article/update for externally entered SQL statements. An attacker can exploit this vulnerability t...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Newforma Project Center Server Open Redirect Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An open redirection vulnerability exists in Newforma Project...
PHP Education Management 安全漏洞
PHP Education Management is an education manager from the individual developer Iqbolshoh Ilhomjonov. A security vulnerability exists in PHP Education Management version 1.0, which stems from an unvalidated parameter participantname in the worksheet.php file and could lead to a cross-site scriptin...
ERPNext get_rfq_containing_supplier function SQL Injection Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the txt parameter of the getrfqcontainingsupplier function against externally entered SQL statements. An attacker can...