277 matches found
EEF-CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix
Summary Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...
CVE-2024-5273
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...
Atheos 安全漏洞
Atheos is an open source browser-based self-hosted cloud IDE from Atheos. A security vulnerability exists in Atheos versions prior to v602, which stems from the $target parameter in /controller.php not being properly validated, which could lead to the execution of arbitrary files via path travers...
CVE-2025-3384
A vulnerability was found in 1000 Projects Human Resource Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /controller/employee.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. T...
CVE-2025-31724
Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
PT-2025-37310
Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description The Chamilo learning management system has an OS Command Injection issue. This occurs due to a failure to neutralize special elements used in the operating system command. Successful exploitation...
jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability
A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...
jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability
A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...
jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability
A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...
FoxCMS 安全漏洞
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS v1.2.5, which is caused by an arbitrary file upload issue in controllerLocalTemplate.php, where an attacker can upload a well-designed Zip file to execute...
CVE-2024-6110
A vulnerability was found in itsourcecode Magbanua Beach Resort Online Reservation System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument image leads to unrestricted upload. The attack may ...
CVE-2024-40691
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...
CVE-2025-0401
A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack...
PT-2025-2008 · Beijing Yunfan Internet Technology · Yunfan Learning Examination System
Name of the Vulnerable Software and Affected Versions: Beijing Yunfan Internet Technology Yunfan Learning Examination System version 1.9.2 Description: A problematic issue has been found in the Beijing Yunfan Internet Technology Yunfan Learning Examination System. It affects an unknown function o...
CVE-2024-12936
A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The attack may be initiated remotely. The...
PT-2024-17364 · Guangzhou Huayi Intelligent Technology · Jeewms
Name of the Vulnerable Software and Affected Versions: Guangzhou Huayi Intelligent Technology Jeewms version 3.7 Description: A problematic issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request...
GHSA-FWXQ-3F52-5CMC Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability
Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...
CVE-2024-54004
Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...
CVE-2024-54004
Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...
CVE-2024-52549
CVE-2024-52549 affects Jenkins Script Security Plugin (1367.vdf2fc45f229c and earlier, with exceptions 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776). The issue is a missing permission check in a form-validation method, allowing attackers with Overall/Read permission to determine wheth...