341 matches found
CVE-2025-15442 CRMEB product_list sql injection
A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/productlist. This manipulation of the argument cateid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
CRMEB SQL注入漏洞
CRMEB is a Java mall system of CRMEB open source. A SQL injection vulnerability exists in CRMEB 5.6.1 and earlier versions, which originates from the incorrect operation of the parameter cateid in the file /adminapi/product/productexport, which could lead to a SQL injection attack...
CRMEB SQL注入漏洞
CRMEB is a Java mall system of CRMEB open source. A SQL injection vulnerability exists in CRMEB 5.6.1 and earlier versions, which stems from the incorrect operation of the parameter cateid in the file /adminapi/export/productlist, which may lead to SQL injection attacks...
CVE-2025-66906
Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...
EUVD-2025-204543
Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...
CVE-2025-66906
Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...
CVE-2025-66906
Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...
CVE-2025-66906
Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...
PT-2025-52455
Cross Site Request Forgery CSRF vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges...
CVE-2025-66906
Summary: CVE-2025-66906 is a CSRF vulnerability affecting Turms Admin API up to v0.10.0-SNAPSHOT, enabling attackers to gain escalated privileges. Affected software: Turms Admin API (Turms project), version range up to 0.10.0-SNAPSHOT. Vulnerability details: Cross Site Request Forgery; root cause...
CVE-2025-14777
A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...
CVE-2025-59302
In Apache CloudStack improper control of generation of code 'Code Injection' vulnerability is found in the following APIs which are accessible only to admins. quotaTariffCreate quotaTariffUpdate createSecondaryStorageSelector updateSecondaryStorageSelector updateHost updateStorage This issue...
CVE-2025-63291
When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...
EUVD-2025-197655
When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...
CVE-2025-63291
When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying...
CVE-2025-63551
A Server-Side Request Forgery SSRF vulnerability, achievable through an XML External Entity XXE injection, exists in MetInfo Content Management System CMS thru 8.1. This flaw stems from a defect in the XML parsing logic, which allows an attacker to construct a malicious XML entity that forces the...
EUVD-2018-9995
Malware in sbrugna...
EUVD-2017-7993
Malware in sbrugna...
EUVD-2021-1993
Malware in sbrugna...
EUVD-2021-0581
Malware in sbrugna...