Lucene search
K

277 matches found

OSV
OSV
added 2025/06/17 2:31 p.m.4 views

EEF-CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix

Summary Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...

2.3CVSS5.8AI score0.00402EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:5 a.m.6 views

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

4.3CVSS6.8AI score0.00831EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

Atheos 安全漏洞

Atheos is an open source browser-based self-hosted cloud IDE from Atheos. A security vulnerability exists in Atheos versions prior to v602, which stems from the $target parameter in /controller.php not being properly validated, which could lead to the execution of arbitrary files via path travers...

9.4CVSS6.9AI score0.00414EPSS
Exploits0References2
OSV
OSV
added 2025/04/07 9:15 p.m.7 views

CVE-2025-3384

A vulnerability was found in 1000 Projects Human Resource Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /controller/employee.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. T...

9.8CVSS5.8AI score0.00478EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/04/02 2:59 p.m.4 views

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS7.1AI score0.0029EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.6 views

PT-2025-37310

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description The Chamilo learning management system has an OS Command Injection issue. This occurs due to a failure to neutralize special elements used in the operating system command. Successful exploitation...

8.7CVSS6.2AI score0.02657EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2025/03/04 2:40 p.m.5 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

4.3CVSS5.8AI score0.0036EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/03/04 2:38 p.m.6 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

4.3CVSS5.8AI score0.0036EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/03/04 2:20 p.m.7 views

jenkins-plugin/script-security: Jenkins Script Security Plugin File Disclosure Vulnerability

A flaw was found in the Jenkins Script Security Plugin. This vulnerability allows attackers with Overall/Read permission to check for the existence of files on the controller file system via a method that implements form validation that does not perform a permission check...

4.3CVSS5.8AI score0.0036EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.3 views

FoxCMS 安全漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS v1.2.5, which is caused by an arbitrary file upload issue in controllerLocalTemplate.php, where an attacker can upload a well-designed Zip file to execute...

9.8CVSS7.5AI score0.00985EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/02/05 2:49 a.m.4 views

CVE-2024-6110

A vulnerability was found in itsourcecode Magbanua Beach Resort Online Reservation System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument image leads to unrestricted upload. The attack may ...

9.8CVSS7.5AI score0.00801EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:37 p.m.7 views

CVE-2024-40691

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

9.8CVSS6.7AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2025/01/13 12:15 a.m.4 views

CVE-2025-0401

A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack...

6.9CVSS5.5AI score0.01239EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.4 views

PT-2025-2008 · Beijing Yunfan Internet Technology · Yunfan Learning Examination System

Name of the Vulnerable Software and Affected Versions: Beijing Yunfan Internet Technology Yunfan Learning Examination System version 1.9.2 Description: A problematic issue has been found in the Beijing Yunfan Internet Technology Yunfan Learning Examination System. It affects an unknown function o...

5.3CVSS4.8AI score0.00594EPSS
Exploits1References8
OSV
OSV
added 2024/12/26 5:15 a.m.7 views

CVE-2024-12936

A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The attack may be initiated remotely. The...

9.8CVSS5.8AI score0.00553EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/28 12:0 a.m.6 views

PT-2024-17364 · Guangzhou Huayi Intelligent Technology · Jeewms

Name of the Vulnerable Software and Affected Versions: Guangzhou Huayi Intelligent Technology Jeewms version 3.7 Description: A problematic issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request...

7.5CVSS5.5AI score0.00858EPSS
Exploits1References9
OSV
OSV
added 2024/11/27 6:34 p.m.7 views

GHSA-FWXQ-3F52-5CMC Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...

5.3CVSS4.8AI score0.00812EPSS
Exploits0References2
NVD
NVD
added 2024/11/27 5:15 p.m.27 views

CVE-2024-54004

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...

4.3CVSS0.00812EPSS
Exploits0References1
OSV
OSV
added 2024/11/27 5:15 p.m.4 views

CVE-2024-54004

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...

4.3CVSS5.8AI score0.00812EPSS
Exploits0References1
CVE
CVE
added 2024/11/13 8:53 p.m.308 views

CVE-2024-52549

CVE-2024-52549 affects Jenkins Script Security Plugin (1367.vdf2fc45f229c and earlier, with exceptions 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776). The issue is a missing permission check in a form-validation method, allowing attackers with Overall/Read permission to determine wheth...

4.3CVSS6.9AI score0.0036EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder