21 matches found
CVE-2026-54917 SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access
SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter().SkipClean(true). With path cleaning disabled, a .. segment inside the URL survives...
CVE-2020-37141 AMSS++ v 4.31 - 'id' SQL Injection
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents...
CVE-2021-47824
iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash...
CVE-2025-8775
A vulnerability was found in Qiyuesuo Electronic Signature Platform up to 4.34 and classified as critical. Affected by this issue is the function execute of the file /api/code/upload of the component Scheduled Task Handler. The manipulation of the argument File leads to unrestricted upload. The...
PT-2024-5562
SAP BusinessObjects Business Intelligence Platform versions 4.30 and 4.40. The issue involves a missing authentication check in the SAP BusinessObjects Business Intelligence Platform when Single Signed On is enabled on Enterprise authentication. An unauthorized user can obtain a logon token by...
Hikvision DS-7604NI-K1 Security Vulnerability
Hikvision DS-7604NI-K1 is a network video recorder from Hikvision China. A security vulnerability exists in Hikvision DS-7604NI-K1 V4.30.096 build221220 and earlier versions, which stems from insufficient validation of parameters in messages, and can be exploited by an attacker to send a speciall...
CVE-2024-2599
File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure...
CVE-2024-2596
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/selectsend.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially...
CVE-2024-2589
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetailschoolperson.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in th...
CVE-2024-2592
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/picshow.php, in the 'personid' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
SAP BusinessObjects Suite Installer Security Vulnerability
SAP BusinessObjects Suite Installer is an application from SAP, Germany. A security vulnerability exists in SAP BusinessObjects Suite Installer versions 420 and 430 that originates from allowing an attacker to delete all operating system files...
SAP BusinessObjects Business Intelligence Platform Code Issue Vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and enable fast, ea...
CVE-2022-39800
SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited...
CVE-2022-32246
SAP Business Objects Business Intelligence Platform Visual Difference Application - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impac...
SAP Business Objects SQL Injection Vulnerability
SAP Business Objects is a business intelligence suite from SAP Germany. An SQL injection vulnerability exists in SAP BusinessObjects Business Intelligence Platform versions 420 and 430, which can be exploited by an authenticated attacker to query and extract SQL backend data through the BI...
BD Synapsys Code Issue Vulnerability
BD Synapsys is a software application from Biddy Medical BD that provides data management and workflow functionality in clinical diagnostic activities in laboratories. A code issue vulnerability exists in BD Synapsys versions 4.20, 4.20 SR1, and 4.30 that stems from insufficient session expiratio...
PT-2022-18244 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost version 4.39.0. Description: The issue concerns an arbitrary file upload vulnerability in the file upload module, potentially allowing attackers to execute arbitrary code via a crafted SVG file. However, the vendor states that uploading...
SAP Business Objects Web Intelligence Security Vulnerability
SAP Business Objects Web Intelligence is a centralized suite from SAP, Germany. It is used for data reporting, visualization, and sharing. A security vulnerability exists in SAP Business Objects Web Intelligence, which stems from an information disclosure in the product. The following products an...
CVE-2020-29475
nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks, and each time any user visits that page of the website, the XSS triggers and the attacker is able to steal the...