227 matches found
CVE-2025-27403
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...
CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...
CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...
CVE-2025-27403 Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
Ratify is a verification engine as a binary executable and on Kubernetes which enables verification of artifact security metadata and admits for deployment only those that comply with policies the user creates. In a Kubernetes environment, Ratify can be configured to authenticate to a private Azu...
Ratify 授权问题漏洞
Ratify is an artifact approval framework CNCF sandbox from Ratify open source. An authorization issue vulnerability exists in Ratify version 1.2.3 and prior to version 1.3.2 that stems from the Azure Authentication Provider not verifying that the target registry is ACR, which could lead to misuse...
CVE-2025-1133 SQL Injection in ChurchCRM EID Parameter via EditEventAttendees.php
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. The EID parameter is directly concatenated into an SQL query without proper...
CVE-2025-1024
ChurchCRM 5.13.0 is affected by a Reflected Cross‑Site Scripting (XSS) in EditEventAttendees.php (EID parameter) that requires administrative privileges. The vulnerability enables an attacker to execute arbitrary JavaScript in a victim’s browser, potentially stealing session cookies, acting on be...
CVE-2025-1024 Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting XSS in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to...
CVE-2025-1024 Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting XSS in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to...
CVE-2025-1024 Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting XSS in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to...
PT-2025-7493 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM versions 5.13.0 and prior Description: A boolean-based blind SQL Injection vulnerability exists in the EditEventAttendees functionality, allowing an attacker to execute arbitrary SQL queries. The EID parameter is directly concatenat...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the net/smc module not properly checking the v2extoffset, eidcnt, and ismgidcnt fields when receiving an offer...
Responsive Hotel Site newsletter.php file SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from insufficient input validation of the eid parameter in file /admin/newsletter.php. An attacker can use this vulnerability to obtain sensitive information or...
code-projects Responsive Hotel Site 注入漏洞
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from insufficient input validation of the eid parameter in file /admin/newsletter.php. An attacker can use this vulnerability to obtain sensitive information or...
CVE-2024-12891
A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit h...
CVE-2024-12890
A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The...
Code-Projects Online Exam Mastering System 注入漏洞
Code-Projects Online Exam Mastering System is a Code-Projects open source online exam system. An injection vulnerability exists in code-projects Online Exam Mastering System version 1.0, which is caused by an SQL injection into the parameter eid...
code-projects Online Exam Mastering System 注入漏洞
Code-Projects Online Exam Mastering System is a Code-Projects open source online exam system. An injection vulnerability exists in code-projects Online Exam Mastering System version 1.0, which is caused by an SQL injection into the parameter eid...
PT-2025-2832
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description The issue concerns the Linux kernel, specifically the net/smc component. When receiving a proposal message in the server, the fields v2 ext offset, eid cnt, and ism gid cnt in the proposal...
CVE-2024-54130 Segmentation Fault in `forwardBundle` Function of ION-DTN BPv7 When Destination EID is `dtn:none` (public)
The NASA’s Interplanetary Overlay Network ION is an implementation of Delay/Disruption Tolerant Networking DTN. A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID EID set to dtn:none is received. This causes the node to become...