13 matches found
snail-job code issue vulnerability
snail-job is a distributed task scheduling platform open-sourced by aizuda. A code issue vulnerability exists in snail-job version 1.7.0 and earlier, which stems from a misuse of the parameter argsStr in the component API and could lead to a deserialization attack...
PT-2025-23436 · Unknown · Mist Community Edition
Name of the Vulnerable Software and Affected Versions: Mist Community Edition versions up to 4.7.1 Description: A critical issue has been found, affecting the create token function of the API Token Handler component. This leads to improper access controls, allowing remote attacks. The issue has...
CVE-2024-24110
SQL Injection vulnerability in crmebjava before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people...
PT-2025-17474 · Unknown · Yxj2018 Springboot-Vue-Onlineexam
Name of the Vulnerable Software and Affected Versions: YXJ2018 SpringBoot-Vue-OnlineExam version 1.0 Description: A vulnerability has been found in YXJ2018 SpringBoot-Vue-OnlineExam, affecting some unknown processing of the component API. The manipulation leads to improper authentication. The...
CVE-2024-37768
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id...
CVE-2024-28397
CVE-2024-28397 affects the Python js2py library (versions up to 0.74). The vulnerability enables a sandbox escape and remote code execution by abusing Python object introspection from JavaScript. Attackers can obtain a PyObjectWrapper via Object.getOwnPropertyNames({}) and then traverse to Python...
CVE-2024-1262 Juanpao JPShop API MaterialController.php actionUpdate unrestricted upload
A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument picurl leads to unrestricted...
Information disclosure
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API. The manipulation leads to information disclosure. The attack can be launched remotely. The...
CVE-2022-3939
A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely...
CVE-2019-25066
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading t...
ajenti operating system command injection vulnerability
ajenti is an open-source modular server management panel for Linux and BSD from ajenti. A security vulnerability exists in ajenti version 2.1.31, which stems from a problem with the component API. An attacker can exploit the vulnerability to achieve privilege escalation...
CVE-2021-22294
A component API of HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources...
HarmonyOS security vulnerability
HarmonyOS is a distributed operating system for all scenarios developed by Huawei, a Chinese company. A privilege bypass vulnerability exists in a component API of HarmonyOS 2.0. A local attacker could exploit the vulnerability to repeatedly issue commands that could exhaust system service...