Lucene search
K

83 matches found

Positive Technologies
Positive Technologies
added 2024/07/12 12:0 a.m.6 views

PT-2024-28904 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the dataScope parameter at the "/api/user" API endpoint. Recommendations: For versions prior to...

9.8CVSS7.7AI score0.00456EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/07/12 12:0 a.m.39 views

CVE-2024-40542

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...

0.00381EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/07/12 12:0 a.m.9 views

PT-2024-28906 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the dataScope parameter at the "/api/dept/build" API endpoint. Recommendations: F...

9.8CVSS7.7AI score0.00431EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/07/12 12:0 a.m.27 views

CVE-2024-40540

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...

8.3AI score0.00456EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/07/12 12:0 a.m.5 views

PT-2024-28907 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the dataScope parameter at the "/api/role?offset" API endpoint. Recommendations: For versions pri...

9.8CVSS7.7AI score0.00381EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/07/12 12:0 a.m.22 views

CVE-2024-40539

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...

8.3AI score0.00456EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/12 12:0 a.m.23 views

CVE-2024-40540

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...

0.00456EPSS
Exploits1References1
CVE
CVE
added 2024/07/12 12:0 a.m.83 views

CVE-2024-40540

CVE-2024-40540 affects my-springsecurity-plus prior to version 2024.07.03. The vulnerability is a SQL injection via the dataScope parameter in /api/dept. Reports from Red Hat and other sources confirm the same description across multiple feeds. The CVSS metrics indicate high impact to confidentia...

9.8CVSS8.3AI score0.00456EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/12 12:0 a.m.19 views

CVE-2024-40542

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...

8.3AI score0.00381EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/12 12:0 a.m.39 views

CVE-2024-40541

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...

0.00431EPSS
Exploits1References1
CVE
CVE
added 2024/07/12 12:0 a.m.83 views

CVE-2024-40542

CVE-2024-40542 affects my-springsecurity-plus versions before v2024.07.03. A SQL injection is exposed via the dataScope parameter at /api/role?offset, as documented across NVD/Red Hat/CNNVD entries. Impact is described variably: NVD base score 9.8 (CRITICAL) with full confidentiality, integrity, ...

9.8CVSS8.3AI score0.00381EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/07/12 12:0 a.m.33 views

CVE-2024-40539

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...

0.00456EPSS
Exploits1References1
CVE
CVE
added 2024/07/12 12:0 a.m.94 views

CVE-2024-40541

Summary: CVE-2024-40541 affects my-springsecurity-plus prior to v2024.07.03, with a SQL injection vulnerability exposed via the dataScope parameter at the /api/dept/build endpoint. What’s vulnerable: my-springsecurity-plus components handling the dataScope input for that API path. Root cause / im...

9.8CVSS8.3AI score0.00431EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/07/12 12:0 a.m.97 views

CVE-2024-40539

CVE-2024-40539 concerns my-springsecurity-plus prior to v2024.07.03, where a SQL injection is exposed via the dataScope parameter in the /api/user endpoint. The issue is documented across multiple sources indicating the vulnerable component and the attack surface. Public references consistently s...

9.8CVSS8.3AI score0.00456EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/12 12:0 a.m.16 views

CVE-2024-40541

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...

8.3AI score0.00431EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/11 4:31 p.m.10 views

CVE-2024-6681 witmy my-springsecurity-plus dept sql injection

A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...

6.5CVSS7.3AI score0.00473EPSS
Exploits0References3
OSV
OSV
added 2024/07/11 4:15 p.m.9 views

CVE-2024-6680

A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...

9.8CVSS6.3AI score0.00473EPSS
Exploits0References3
OSV
OSV
added 2024/03/22 12:15 p.m.3 views

CVE-2024-25168

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...

6.3CVSS6.1AI score0.0064EPSS
Exploits1References1
NVD
NVD
added 2024/03/22 12:15 p.m.28 views

CVE-2024-25168

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...

6.3CVSS8.2AI score0.0064EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/03/22 12:0 a.m.17 views

CVE-2024-25168

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...

8.6AI score0.0064EPSS
Exploits1References1
Rows per page
Query Builder