8 matches found
CVE-2026-27702
Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe eval vulnerability in Budibase's view filtering implementation allows any authenticated user including free tier accounts to execute arbitrary JavaScript code on the server...
app.cash.backfila:client-misk (>=2023.12.01.210510-f61f157 <=2025.09.02.174848-7b27340), app.cash.backfila:client-misk-hibernate (>=2023.12.01.210510-f61f157 <=2025.01.16.180443-b0fbc31) +1597 more potentially affected by CVE-2023-33202 via org.bouncycastle:bcpkix-jdk18on (>=1.71 <=1.72)
org.bouncycastle:bcpkix-jdk18on MAVEN version =1.71, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =4.8.3, =1.4.0, =8.1.0.563, =1.1, =1.0.0, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.7.12 and more Source cves: CVE-2023-3320...
CVE-2022-22360
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources...
CVE-2022-22416
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to LDAP injection (CVE-2022-22360)
Summary IBM Sterling Partner Engagement Manager is vulnerable to LDAP injection. The issue has been addressed. Vulnerability Details CVEID:CVE-2022-22360 DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a remote authenticated attacker to conduct an LDAP injection. By using a...
Security Bulletin: IBM Partner Engagement Manager is vulnerable to improper restriction of XXE (CVE-2022-22358)
Summary IBM Sterling Partner Engagement Manager has addressed an XXE vulnerability. Vulnerability Details CVEID:CVE-2022-22358 DESCRIPTION: IBM Sterling Partner Engagement Manager is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploi...
Logic Flaw Vulnerability in Mingguo APT Attack (Cyber Warfare) Warning Platform
Hangzhou ACE Information Technology Co., Ltd. is a company that has been focusing on the research, development, production and sales of products in the field of network information security, such as Fortress, Remote Monitoring, Cloud Saas Service, Cloud WAF, Industrial Control, Online Remote Offi...
Unauthorized Access Vulnerability in Mingguo APT Attack (Cyber Warfare) Warning Platform (CNVD-2021-47700)
Hangzhou ACE Information Technology Co., Ltd. is a company that has been focusing on the research, development, production and sales of products in the field of network information security, such as Fortress, Remote Monitoring, Cloud Saas Service, Cloud WAF, Industrial Control, Online Remote Offi...