Fastspot BigTree SQL Injection Vulnerability
BigTree CMS is an open source content management system based on PHP and MySQL. A SQL injection vulnerability exists in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier versions. An attacker can exploit this vulnerability to inject malicious SQL queries into the application via the 'Creat...
FFmpeg Security Vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video. A security vulnerability exists in FFmpeg that originates from a memory leak in the ff_v4l2_m2m_create_context function of v4l2_m2m.c. The vulnerability can be exploited to cause a denial of service. An attacker can...
PT-2021-19833 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11; Nextcloud Server versions prior to 20.0.10; Nextcloud Server versions prior to 21.0.2. Description: The issue arises when an attacker converts a Files Drop link to a federated share, causing problems o...
CVE-2020-1701
A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret...
Opennms Group OpenNMS Cross-Site Scripting Vulnerability
OpenNMS is an open source, enterprise-grade network monitoring and network management platform from the U.S.-based OpenNMS Group. A cross-site scripting vulnerability exists in OpenNMS Horizon and OpenNMS Meridian, which stems from the fact that the function...
CVE-2020-25408
A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data...
libwebp Buffer Error Vulnerability
Libwebp is a WebP image format encoding and decoding library. A security vulnerability exists in versions of Libwebp prior to 1.0.1. The vulnerability stems from an out-of-bounds read in WebPMuxCreateInternal and can be exploited by an attacker to threaten data confidentiality and service...
PT-2021-4271 · Pglogical · Pglogical
Name of the Vulnerable Software and Affected Versions: pglogical versions before 2.3.4; pglogical versions before 3.6.26. Description: The issue is related to a lack of input data sanitization in the pglogical system, which can be exploited to gain access to confidential data, compromise data...
WAGO Access Control Error Vulnerability
WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is designed specifically for applications in industrial environments where digital algorithms operate electronic systems. A security vulnerability exists in WAGO. The vulnerability arises from unauthorized acces...
PostgreSQL Buffer Error Vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A buffer error vulnerability exists in PostgreSQL. An attacker can re...
The vulnerability of the Create Contracts sub-component of the Oracle Legal Entity Configurator, a component of the Oracle E-Business Suite, allows a violator to gain unauthorized access to the device.
The vulnerability of the Create Contracts sub-component of the Oracle Legal Entity Configurator, a component of the Oracle E-Business Suite, is related to code errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP...
CVE-2021-28563
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to...
PT-2021-3431 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier; Magento versions 2.4.1-p1 and earlier; Magento versions 2.3.6-p1 and earlier. Description: The issue is related to an Improper Authorization vulnerability via the "Create Customer" endpoint. Successful...
Exploit for Incorrect Authorization in Apache Solr
Apache Solr RCE CVE-2020-13957 Docker Demo...
Prototype Pollution in dot-notes
All versions of package dot-notes up to and including version 3.2.0 are vulnerable to Prototype Pollution via the create function...
GHSA-QR4M-JCVC-3382 Prototype Pollution in dot-notes
All versions of package dot-notes up to and including version 3.2.0 are vulnerable to Prototype Pollution via the create function...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. An authorization issue vulnerability exists in Chamilo LMS version 1.11.10,...
CVE-2021-25839
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could make password brute-forcing easier for an attacker...
MINTHCM Security Vulnerability
MintHCM is an open source human resource management application. A weak password requirement vulnerability exists in the Create New User function in MintHCM RELEASE version 3.0.8, which can be exploited by an attacker to brute-force passwords...