Lucene search
+L

368 matches found

Positive Technologies
Positive Technologies
added 2024/07/12 12:0 a.m.11 views

PT-2024-28906 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the dataScope parameter at the "/api/dept/build" API endpoint. Recommendations: F...

9.8CVSS7.7AI score0.00431EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/07/12 12:0 a.m.41 views

CVE-2024-40541

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...

0.00431EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/12 12:0 a.m.26 views

CVE-2024-40540

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...

0.00456EPSS
Exploits1References1
CVE
CVE
added 2024/07/12 12:0 a.m.84 views

CVE-2024-40540

CVE-2024-40540 affects my-springsecurity-plus prior to version 2024.07.03. The vulnerability is a SQL injection via the dataScope parameter in /api/dept. Reports from Red Hat and other sources confirm the same description across multiple feeds. The CVSS metrics indicate high impact to confidentia...

9.8CVSS8.3AI score0.00456EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/07/12 12:0 a.m.97 views

CVE-2024-40541

Summary: CVE-2024-40541 affects my-springsecurity-plus prior to v2024.07.03, with a SQL injection vulnerability exposed via the dataScope parameter at the /api/dept/build endpoint. What’s vulnerable: my-springsecurity-plus components handling the dataScope input for that API path. Root cause / im...

9.8CVSS8.3AI score0.00431EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/07/11 5:15 p.m.43 views

CVE-2024-6681

A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...

9.8CVSS0.00473EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/11 4:31 p.m.10 views

CVE-2024-6681 witmy my-springsecurity-plus dept sql injection

A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...

6.5CVSS7.3AI score0.00473EPSS
Exploits0References3
OSV
OSV
added 2024/07/11 4:15 p.m.11 views

CVE-2024-6680

A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...

9.8CVSS6.3AI score0.00473EPSS
Exploits0References3
NVD
NVD
added 2024/07/11 4:15 p.m.32 views

CVE-2024-6680

A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...

9.8CVSS0.00473EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.4 views

my-springsecurity-plus Security Vulnerabilities

my-springsecurity-plus is a SpringBoot and SpringSecurity based RBAC backend privilege management system by codermy individual developer. A security vulnerability exists in my-springsecurity-plus prior to 2024.07.03, which stems from some unknown functionality in file/api/dept, where manipulation...

9.8CVSS7.4AI score0.00473EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/11 12:0 a.m.9 views

PT-2024-37796 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: witmy my-springsecurity-plus up to 2024-07-04 Description: A critical issue was found in the software, affecting an unknown functionality of the file "/api/dept/build". The manipulation of the params.dataScope argument leads to SQL injection...

6.5CVSS7AI score0.00473EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.4 views

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an unknown function in the file /api/dept/buil...

9.8CVSS7.9AI score0.00473EPSS
Exploits0References4
Hacker One
Hacker One
added 2024/07/06 9:57 a.m.25 views

U.S. Dept Of Defense: Cross Site Scripting

The researchers discovered a cross-site scripting XSS vulnerability on the www.███.██████████ website. The vulnerability was found to only work in the Firefox browser. The affected product and version were not specified. No CVE numbers were provided. The vulnerability allowed for the execution of...

6AI score
Exploits0
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.4 views

J2EEFAST 安全漏洞

J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2EEFAST v2.7.0 version exists SQL injection vulnerability , the vulnerability stems from the getDeptList function in the...

9.8CVSS8.2AI score0.00557EPSS
Exploits0References2
Hacker One
Hacker One
added 2024/04/25 3:55 p.m.66 views

U.S. Dept Of Defense: reflected xss [CVE-2020-3580]

The application was vulnerable to cross-site scripting XSS due to insufficient input validation. This allowed an attacker to inject malicious scripts that could be executed in the victim's browser...

6.1CVSS5.9AI score0.85439EPSS
Exploits2
Hacker One
Hacker One
added 2024/03/31 2:54 a.m.8 views

U.S. Dept Of Defense: Missing Access Control Allows for User Creation and Privilege Escalation

The RSI Test Environment application had a vulnerability that allowed unauthenticated users to create new user accounts and grant them administrator privileges. This provided unauthorized access to restricted information and documents within the application...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2024/03/08 1:52 p.m.24 views

U.S. Dept Of Defense: CVE-2021-39226 Discovered on endpoint https://██████/api/snapshots

CVE-2021-39226 was discovered in Grafana, where authenticated and unauthenticated users were able to view and delete snapshots by accessing specific endpoints. The vulnerability allowed for unauthorized access and deletion of snapshot data...

9.8CVSS8.2AI score0.99888EPSS
Exploits1
Hacker One
Hacker One
added 2024/02/11 6:3 p.m.28 views

U.S. Dept Of Defense: DBMS information getting exposed publicly on -- [ ██████████ ]

A public file was found that exposed sensitive data from the website's database, including hashed user information and other configuration details. The file contained SQL statements that could be used to access the database, potentially revealing confidential data...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2024/02/02 9:16 p.m.26 views

U.S. Dept Of Defense: Xss - ███

The parameter 'goal1Costs' was vulnerable to cross-site scripting XSS attack. The vulnerability allowed the attacker to inject malicious JavaScript code into the application, which could be executed by the users viewing the report...

5.9AI score
Exploits0
Hacker One
Hacker One
added 2024/02/02 8:13 p.m.29 views

U.S. Dept Of Defense: Xss Parameter: /<s>/[*]/<s>.css ████████

The request included a cross-site scripting XSS vulnerability in the parameter /\u003cs\u003e//\u003cs\u003e.css. The vulnerability was triggered by including malicious code in the request, which could have been executed when the request was processed...

6.1AI score
Exploits0
Rows per page
Query Builder