Ichitaro 2022 Security Vulnerability
JustSystems Ichitaro is a Japanese word processing software from JustSystems. A security vulnerability exists in Ichitaro 2022 version 1.0.1.57600, which stems from an invalid release vulnerability that can be exploited by an attacker to cause memory corruption by releasing the stack pointer via...
CKEditor 5 35.4.0 - Cross-Site Scripting Vulnerability
Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource CKEditor5 35.4.0 was discovered to contain...
GHSA-6RFV-H5V8-CJ7G jeecg-boot vulnerable to improper authentication
A vulnerability was found in jeecg-boot 3.5.0 that affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication because the software does not prove or insufficiently proves that an identity claim is correct when an actor claims to have a...
jeecg-boot vulnerable to improper authentication
A vulnerability was found in jeecg-boot 3.5.0 that affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication because the software does not prove or insufficiently proves that an identity claim is correct when an actor claims to have a...
CVE-2023-1784
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
Authentication flaw
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2023-1784 jeecg-boot API Documentation improper authentication
A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2023-1784
CVE-2023-1784 (jeecg-boot 3.5.0) is described across multiple connected sources as a critical issue involving improper authentication in the API Documentation processing. The root cause is not fully detailed in the provided documents, but the vulnerability enables remote exploitation and is assoc...
Malicious code in sa-club-documentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ec22686cd96cc265b760943a47162bbd00a00c3ca60478a5388cd11b84fcbff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-752 Malicious code in sa-club-documentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ec22686cd96cc265b760943a47162bbd00a00c3ca60478a5388cd11b84fcbff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-17242 · Unknown · Jeecg-Boot
Name of the Vulnerable Software and Affected Versions: jeecg-boot version 3.5.0 Description: A critical issue affects some unknown processing of the component API Documentation, leading to improper authentication because the software does not properly prove or insufficiently proves that an identi...
Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-1471)
Summary There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to [X-Force 247595]
Summary Encode Starlette is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service. This bulletin provides patch information to...
Security Bulletin: IBM App Connect Enterprise Certified Container images may be vulnerable to denial of service due to libarchive [CVE-2017-14166]
Summary libarchive is present in the IBM App Connect Enterprise Certified Container images as part of the base operating system. IBM App Connect Enterprise Certified Container images may be vulnerable to denial of service. This bulletin provides patch information to address the reported...
GitHub accidentally exposes RSA SSH key
Late last week, GitHub tweeted that it had replaced its RSA SSH key "out of an abundance of caution," after accidentally exposing the key on a publicly accessible repository. How the accidental exposure managed to happen is unknown, but it means that anyone that happened to notice it and was able to...
CVE-2023-27637
creationtimestamp| type| source ---|---|--- 2023-03-22 15:35:50+00:00| exploited| https://t.me/cibsecurity/60441 2025-05-29 13:34:23+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-27637.yaml 2025-05-30 21:02:20+00:00| seen|...
Python CGI Documentation Cross Site Scripting
Is there low hanging fruit for the following observation? The documentation of the python cgi module is vulnerable to XSS cross site scripting https://docs.python.org/3/library/cgi.html form = cgi.FieldStorage print"name:", form"name".value print"addr:", form"addr".value First result on google fo...
SUSE-SU-2023:0794-1 Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats bsc1199756. - Update in SLE-15 bsc1199282, jscPM-3243, jscSLE-24629 - Update to 2.4.0 bsc1199756 - Explicit check the key for ECAlgorithm - Don't use implicit...
GPT_Vuln-analyzer - Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data
This is a Proof Of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAi api...
Incorrect validation of the result of the transfer * transferFrom method call. Failure to comply with the ERC20 standard
Lines of code Vulnerability details Impact Inability to use ERC20 standard tokens. As an example of the future LP token Proof of Concept According to the ERC-20 standard, the transfer and transferFrom methods return true or false, but looking at the code we see that:...