Lucene search
K

6 matches found

NVD
NVD
added 2026/03/19 12:16 p.m.5 views

CVE-2026-3511

Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF Server Side Request Forgery attacks and obtain unauthorized access to local files on filesystems running the vulnerable...

8.6CVSS0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/18 2:32 p.m.12 views

CVE-2025-10671 youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values

A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random...

6.3CVSS0.00401EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/05/18 12:0 a.m.3 views

Erudika Para 跨站脚本漏洞

Erudika Para is a command-line interface from the Bulgarian company Erudika. cross-site scripting vulnerability exists in versions prior to Erudika Para v1.45.11, which stems from a function in Utils.java that lacks filtering and escaping for user data. An attacker could use this vulnerability to...

9.4CVSS5.6AI score0.00917EPSS
Exploits1References3
NVD
NVD
added 2021/11/15 9:15 p.m.34 views

CVE-2021-41269

cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code...

10CVSS0.04047EPSS
Exploits1References4
Cvelist
Cvelist
added 2020/11/24 11:50 p.m.47 views

CVE-2020-26238 Critical vulnerability found in cron-utils

Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template Injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote...

7.9CVSS8.4AI score0.04204EPSS
Exploits1References13
ATTACKERKB
ATTACKERKB
added 2020/11/10 1:15 p.m.4 views

CVE-2020-0418

In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153879813...

7.8CVSS7.6AI score0.00256EPSS
Exploits0References2
Rows per page
Query Builder