65 matches found
CVE-2025-8752
A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...
D-Link DI-8100 Buffer Overflow Vulnerability
The D-Link DI-8100 is an enterprise-class router from D-Link. A buffer overflow vulnerability exists in the D-Link DI-8100 version 1.0, which originates from an insufficient checksum of parameter mx in the sprintf function in the /ddns.asp?opt=add file of component jhttpd. The vulnerability can b...
D-Link DI-8100 安全漏洞
The D-Link DI-8100 is an enterprise-class router from D-Link. A buffer overflow vulnerability exists in the D-Link DI-8100 version 1.0, which originates from an insufficient checksum of parameter mx in the sprintf function in the /ddns.asp?opt=add file of component jhttpd. The vulnerability can b...
CVE-2022-32128
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting XSS vulnerability via the path /company/service/increment/add/im...
Books-Management-System 代码注入漏洞
Books-Management-System is a book management system by withstars individual developers. A code injection vulnerability exists in Books-Management-System version 1.0, which originates from cross-site scripting due to a misbehavior of the parameter content in file/api/comment/add...
CVE-2024-28680
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/diyadd.php...
Desdev DedeCMS Security Breach
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...
PT-2024-22507 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in the /dede/media add.php component. This allows an attacker to perform unintended actions on the web application. Recommendations: For DedeCMS version 5.7, a...
Desdev DedeCMS 跨站脚本漏洞
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A cross-site scripting vulnerability...
CVE-2022-4278
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The...
74cms 跨站脚本漏洞
74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability, which originates from the path /company/service/increment/add/im missing data validation filters for user-supplied data and output. A...
CVE-2022-27428
A stored cross-site scripting XSS vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the albumname parameter...
CVE-2021-0282
On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon RPD crash and restart, causing a Denial of Service DoS. Continued receipt and processing of this UPDATE message will create a sustained Denial of...
Path traversal
On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon RPD crash and restart, causing a Denial of Service DoS. Continued receipt and processing of this UPDATE message will create a sustained Denial of...
CVE-2021-0282
CVE-2021-0282 – Junos OS DoS via BGP UPDATE with Multipath/add-path enabled . Affects Juniper’s Junos OS where Multipath/add-path is enabled; processing a specific BGP UPDATE can crash and restart the routing process daemon (RPD), causing a DoS. Sustained receipt of the UPDATE can propagate the D...
CVE-2021-0282 Junos OS: RPD crash while processing a specific BGP UPDATE when Multipath or add-path features are enabled
On Juniper Networks Junos OS devices with Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon RPD crash and restart, causing a Denial of Service DoS. Continued receipt and processing of this UPDATE message will create a sustained Denial of...
Fork CMS 跨站脚本漏洞
Fork is an easy to use, open source CMS using Symfony components. A persistent cross-site scripting vulnerability exists in Fork CMS version 5.8.2. The vulnerability can be exploited to inject arbitrary Javascript code via the navigationtitle and title parameters in /private/en/pages/add...
CVE-2020-15228
In the @actions/core npm module before version 1.2.6,addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...
Design/Logic Flaw
In the @actions/core npm module before version 1.2.6,addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...
CVE-2017-2302
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to...