7 matches found
CVE-2025-25586
yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml...
CVE-2025-25586
yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml...
CVE-2025-25586
yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml...
yimioa 安全漏洞
yimioa CloudNet OA is a locally deployed OA software by rabbit individual developers. A security vulnerability exists in yimioa versions prior to v2024.07.04, which stems from an information leak in the application.yml component...
CVE-2023-48396 Apache SeaTunnel Web: Authentication bypass
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...
CVE-2023-48396 Apache SeaTunnel Web: Authentication bypass
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affect...
CVE-2018-20437
An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this report becaus...