221474 matches found
EUVD-2026-42281
A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...
EUVD-2026-42234
A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The...
CVE-2026-15036
A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...
CVE-2026-15036 Harness gitspaces Endpoint list_all.go getAuthorizedSpaces authorization
A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...
CVE-2026-15036
CVE-2026-15036 affects Harness up to 2.28.2 in the gitspaces Endpoint, specifically the getAuthorizedSpaces function (file app/api/controller/gitspace/list_all.go). A manipulation vulnerability can bypass authorization, with remote execution possible. Public exploitation has been disclosed, and t...
CVE-2026-15034
A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
Ivanti Connect Secure - XXE
Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. impact: | Successful exploitation of this...
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. id: CVE-2023-39110 info: name: rConfig 3.9.4 - Server-Side...
Cobbler 'XML-RPC' - Authentication Bypass
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...
Joomla! Component WMI 1.5.0 - Local File Inclusion
A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface aka WMI or comwmi component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1607 info: name: Joomla!...
Joomla! Component JA Comment - Local File Inclusion
A directory traversal vulnerability in the JA Comment comjacomment component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the view parameter to index.php. id: CVE-2010-1601 info: name: Joomla! Component JA Comment - Local File Inclusion author: daffainfo severit...
Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
A directory traversal vulnerability in the iNetLanka Multiple root commultiroot component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1954 info: name: Joomla! Component iNetLanka Multiple root 1.0 ...
Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
A directory traversal vulnerability in the Deluxe Blog Factory comblogfactory component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1955 info: name: Joomla! Component Deluxe Blog Factory 1.1.2 - Local Fi...
Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion
A directory traversal vulnerability in the Ultimate Portfolio comultimateportfolio component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1659 info: name: Joomla! Component Ultimate Portfolio 1.0 - Local Fi...
Joomla! Component SmartSite 1.0.0 - Local File Inclusion
A directory traversal vulnerability in the SmartSite comsmartsite component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1657 info: name: Joomla! Component SmartSite 1.0.0 - Local File Inclusion author:...
Joomla! Component PicSell 1.0 - Arbitrary File Retrieval
A directory traversal vulnerability in the PicSell compicsell component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the dflink parameter in a prevsell dwnfree action to index.php. id: CVE-2010-3203 info: name: Joomla! Component PicSell 1.0 - Arbitrary File...
Joomla! Component Canteen 1.0 - Local File Inclusion
A SQL injection vulnerability in menu.php in the Canteen comcanteen component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. id: CVE-2010-4977 info: name: Joomla! Component Canteen 1.0 - Local File Inclusion author: daffainfo...
Joomla! Component Jstore - 'Controller' Local File Inclusion
A directory traversal vulnerability in Jstore comjstore component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-5286 info: name: Joomla! Component Jstore - 'Controller...
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
A directory traversal vulnerability in the Jimtawl comjimtawl component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. dot dot in the task parameter to index.php. id: CVE-2010-4769 info: name: Joomla! Component Jimtawl 1.0.2 - Local...
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
A directory traversal vulnerability in jphone.php in the JPhone comjphone component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-3426 info: name: Joomla! Component Jphone 1.0...