Lucene search
K

17 matches found

NVD
NVD
added 2026/06/02 3:16 a.m.16 views

CVE-2026-10567

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

5.1CVSS0.00237EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/01 11:45 p.m.10 views

CVE-2026-10514

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

4.8CVSS4.1AI score0.00251EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2026/04/10 3:45 p.m.29 views

CVE-2026-40023 Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew): Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters

Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...

6.3CVSS0.00499EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/10 3:45 p.m.2 views

CVE-2026-40023

Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...

6.3CVSS5.8AI score0.00499EPSS
Exploits0References6
CVE
CVE
added 2026/04/10 3:45 p.m.17 views

CVE-2026-40023

CVE-2026-40023 concerns Apache Log4cxx XMLLayout (pre-1.7.0) that fails to sanitize XML 1.0 forbidden characters in log messages, NDC, and MDC keys/values, producing invalid XML. Conforming parsers may reject such documents, potentially dropping or failing to index affected records and impairing ...

6.3CVSS5.8AI score0.00499EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/03/27 11:25 p.m.1 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the NGAP LocationReport message handler. An attacker can cause the process to crash and disrupt service for all connected subscribers by sending specially crafted NGAP messages. Remediation Upgrade...

7.1CVSS5.9AI score0.00207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.7 views

CVE-2023-31101

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

6.5CVSS6.9AI score0.0111EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.4 views

CVE-2023-31064

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7....

7.5CVSS6.9AI score0.01247EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/14 6:31 p.m.8 views

EUVD-2025-203309

A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in...

6.5CVSS6.5AI score0.00303EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/12/14 12:0 a.m.6 views

PT-2025-51174

Name of the Vulnerable Software and Affected Versions aizuda snail-job versions up to 1.6.0 Description A flaw exists in the QLExpressEngine.doEval function within the snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java fil...

6.5CVSS6.4AI score0.00303EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 5:58 a.m.4 views

CVE-2023-31206

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick 1 to...

7.5CVSS6.9AI score0.01247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:57 a.m.2 views

CVE-2023-31098

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password with any character or symbol, attackers can easily guess the user's password and access the accoun...

9.8CVSS7AI score0.01233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:57 a.m.4 views

CVE-2023-31454

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0...

7.5CVSS7AI score0.01182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/22 12:0 a.m.3 views

PT-2023-2846 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.2.0 through 1.6.0 Description: The issue is related to incorrect permission assignment for critical resources in Apache InLong, allowing a remote attacker to impact the integrity and availability of protected...

8.5CVSS6.9AI score0.01182EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/05/21 12:0 a.m.3 views

PT-2023-8728 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.2.0 through 1.6.0 Description: The issue affects Apache InLong, allowing a user to cancel an application that does not belong to them. This is related to the use of files and directories accessible to external parties...

7.8CVSS7.5AI score0.01247EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/01/06 12:0 a.m.3 views

PT-2023-11812 · Unknown +1 · Trampgeek Jobe +1

Name of the Vulnerable Software and Affected Versions: trampgeek jobe versions 1.6.x and earlier Description: A critical issue affects the function run in sandbox of the file application/libraries/LanguageTask.php, leading to command injection. Recommendations: For trampgeek jobe versions 1.6.x a...

9.8CVSS6.3AI score0.02099EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2008/07/28 12:0 a.m.4 views

PT-2008-4758 · Pure · Pure Software Lore

Name of the Vulnerable Software and Affected Versions: Pure Software Lore versions prior to 1.7.0 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related ...

4.3CVSS5.8AI score0.01033EPSS
Exploits0References5
Rows per page
Query Builder