21 matches found

NVD
added 2026/06/25 7:16 p.m. · 8 views

CVE-2026-54917

SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter().SkipClean(true). With path cleaning disabled, a .. segment inside the URL survives...

CVSS 10 · EPSS 0.00345
Exploits: 1 · References: 2
Cvelist
added 2026/06/25 6:41 p.m. · 19 views

CVE-2026-54917 SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access

SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter().SkipClean(true). With path cleaning disabled, a .. segment inside the URL survives...

CVSS 7.8 · EPSS 0.00345
Exploits: 1 · References: 2
Cvelist
added 2026/02/06 11:14 p.m. · 40 views

CVE-2020-37141 AMSS++ v 4.31 - 'id' SQL Injection

AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents...

CVSS 8.8 · EPSS 0.00289
Exploits: 0 · References: 2
ATTACKERKB
added 2026/01/16 7:9 p.m. · 2 views

CVE-2021-47824

iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash...

CVSS 7.5 · AI score 5.6 · EPSS 0.00304
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2025/08/09 9:15 p.m. · 4 views

CVE-2025-8775

A vulnerability was found in Qiyuesuo Electronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...

CVSS 9.8 · AI score 5.4 · EPSS 0.00377
Exploits: 1 · References: 5
Positive Technologies
added 2024/08/12 12:0 a.m. · 6 views

PT-2024-5562

SAP BusinessObjects Business Intelligence Platform versions 4.30 and 4.40. The issue involves a missing authentication check in the SAP BusinessObjects Business Intelligence Platform when Single Signed On is enabled on Enterprise authentication. An unauthorized user can obtain a logon token by...

CVSS 10 · AI score 6.6 · EPSS 0.75866
Exploits: 0 · References: 49
CNNVD
added 2024/04/02 12:0 a.m. · 3 views

Hikvision DS-7604NI-K1 Security Vulnerability

Hikvision DS-7604NI-K1 is a network video recorder from Hikvision China. A security vulnerability exists in Hikvision DS-7604NI-K1 V4.30.096 build221220 and earlier versions, which stems from insufficient validation of parameters in messages, and can be exploited by an attacker to send a speciall...

CVSS 2.7 · AI score 6.6 · EPSS 0.00446
Exploits: 0 · References: 2
OSV
added 2024/03/18 2:15 p.m. · 3 views

CVE-2024-2599

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure...

CVSS 8.8 · AI score 5.8 · EPSS 0.00623
Exploits: 0 · References: 1
OSV
added 2024/03/18 2:15 p.m. · 8 views

CVE-2024-2596

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/selectsend.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially...

CVSS 6.1 · AI score 5.8 · EPSS 0.00411
Exploits: 0 · References: 1
OSV
added 2024/03/18 2:15 p.m. · 4 views

CVE-2024-2589

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetailschoolperson.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in th...

CVSS 7.5 · AI score 5.9 · EPSS 0.00534
Exploits: 0 · References: 1
OSV
added 2024/03/18 2:15 p.m. · 8 views

CVE-2024-2592

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/picshow.php, in the 'personid' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...

CVSS 7.5 · AI score 5.9 · EPSS 0.00478
Exploits: 0 · References: 1
CNNVD
added 2023/09/12 12:0 a.m. · 5 views

SAP BusinessObjects Suite Installer Security Vulnerability

SAP BusinessObjects Suite Installer is an application from SAP, Germany. A security vulnerability exists in SAP BusinessObjects Suite Installer versions 420 and 430 that originates from allowing an attacker to delete all operating system files...

CVSS 7.1 · AI score 6.7 · EPSS 0.00373
Exploits: 0 · References: 4
CNNVD
added 2023/02/14 12:0 a.m. · 5 views

SAP BusinessObjects Business Intelligence Platform Code Issue Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and enable fast, ea...

CVSS 9.1 · AI score 8.5 · EPSS 0.00555
Exploits: 0 · References: 3
ATTACKERKB
added 2022/10/11 9:15 p.m. · 2 views

CVE-2022-39800

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited...

CVSS 6.1 · AI score 6 · EPSS 0.00583
Exploits: 0 · References: 3 · Affected Software: 1
ATTACKERKB
added 2022/07/12 9:15 p.m. · 5 views

CVE-2022-32246

SAP Business Objects Business Intelligence Platform Visual Difference Application - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impac...

CVSS 4.9 · AI score 5.7 · EPSS 0.00387
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2022/07/12 12:0 a.m. · 5 views

SAP Business Objects SQL Injection Vulnerability

SAP Business Objects is a business intelligence suite from SAP Germany. An SQL injection vulnerability exists in SAP BusinessObjects Business Intelligence Platform versions 420 and 430, which can be exploited by an authenticated attacker to query and extract SQL backend data through the BI...

CVSS 4.9 · AI score 5.9 · EPSS 0.00387
Exploits: 0 · References: 4
CNNVD
added 2022/05/31 12:0 a.m. · 3 views

BD Synapsys Code Issue Vulnerability

BD Synapsys is a software application from Biddy Medical BD that provides data management and workflow functionality in clinical diagnostic activities in laboratories. A code issue vulnerability exists in BD Synapsys versions 4.20, 4.20 SR1, and 4.30 that stems from insufficient session expiratio...

CVSS 5.7 · AI score 6.1 · EPSS 0.00223
Exploits: 0 · References: 5
Positive Technologies
added 2022/04/12 12:0 a.m. · 7 views

PT-2022-18244 · Ghost · Ghost

Name of the Vulnerable Software and Affected Versions: Ghost version 4.39.0. Description: The issue concerns an arbitrary file upload vulnerability in the file upload module, potentially allowing attackers to execute arbitrary code via a crafted SVG file. However, the vendor states that uploading...

CVSS 9.8 · AI score 8.3 · EPSS 0.0379
Exploits: 1 · References: 10
CNNVD
added 2021/07/13 12:0 a.m. · 4 views

SAP Business Objects Web Intelligence Security Vulnerability

SAP Business Objects Web Intelligence is a centralized suite from SAP, Germany. It is used for data reporting, visualization, and sharing. A security vulnerability exists in SAP Business Objects Web Intelligence, which stems from an information disclosure in the product. The following products an...

CVSS 4.3 · AI score 5.1 · EPSS 0.00656
Exploits: 0 · References: 4
OSV
added 2020/12/29 3:15 p.m. · 5 views

CVE-2020-29475

nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks, and each time any user goes to that page of the website, the XSS triggers and the attacker is able to steal the...

CVSS 4.8 · AI score 5.8 · EPSS 0.01082
Exploits: 2 · References: 1