Lucene search
K

115 matches found

Cvelist
Cvelist
added 2026/06/30 3:58 p.m.36 views

CVE-2026-58375 JimuReport 2.5.0 - Unauthenticated Report Export via /jmreport/auto/export

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...

8.7CVSS0.00458EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 3:58 p.m.20 views

CVE-2026-58375

JimuReport up to version 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication. The handler is annotated @JimuNoLoginRequired, allowing JimuReportTokenInterceptor to skip auth, and the export service streams the rendered report for any supplied report id without verifying t...

8.7CVSS5.9AI score0.00458EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:58 p.m.5 views

CVE-2026-58375

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...

8.7CVSS5.9AI score0.00458EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 3:58 p.m.6 views

EUVD-2026-40362

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...

8.7CVSS5.9AI score0.00458EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 7:16 a.m.12 views

CVE-2026-9576

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:0 a.m.6 views

EUVD-2026-40264

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS5.8AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 6:0 a.m.15 views

CVE-2026-9576

CVE-2026-9576 affects the Fluent Booking WordPress plugin (versions before 2.1.2). The vulnerability arises from not verifying ownership of the requested group_id before exporting attendees data via the export endpoint, allowing users with at least the Calendar Manager role to access attendees’ P...

4.9CVSS5.8AI score0.00234EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53932

Name of the Vulnerable Software and Affected Versions JimuReport versions prior to 2.5.1 Description The application exposes the POST '/jmreport/auto/export' endpoint without authentication because the handler is annotated with @JimuNoLoginRequired, causing the JimuReportTokenInterceptor to skip...

8.7CVSS6.1AI score0.00458EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/02 12:31 a.m.12 views

EUVD-2018-21952

No-Cms 1.0 contains an SQL injection vulnerability in the orderby parameter of the manageprivilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manageprivilege/index/export with malicious SQL code in the...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 10:16 p.m.9 views

CVE-2018-25431

No-Cms 1.0 contains an SQL injection vulnerability in the orderby parameter of the manageprivilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manageprivilege/index/export with malicious SQL code in the...

7.1CVSS0.00273EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/01 9:0 p.m.8 views

CVE-2018-25431 No-Cms 1.0 SQL Injection via order_by Parameter

No-Cms 1.0 contains an SQL injection vulnerability in the orderby parameter of the manageprivilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manageprivilege/index/export with malicious SQL code in the...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/06/01 9:0 p.m.17 views

CVE-2018-25431

CVE-2018-25431 affects No-CMS 1.0 and describes an SQL injection in the order_by parameter of the manage_privilege export endpoint. An authenticated attacker can submit a crafted POST request to /nocms/main/manage_privilege/index/export with SQL payload in order_by[0] to manipulate database queri...

7.1CVSS5.9AI score0.00273EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

No-CMS SQL注入漏洞

No-CMS is a customizable content management framework developed by Go Frendi Gunawan. Version 1.0 of No-CMS has a SQL injection vulnerability. This vulnerability stems from the orderby parameter in the manageprivilege endpoint, which allows for SQL injection attacks. This could enable authenticat...

7.1CVSS5.7AI score0.00273EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40817

Name of the Vulnerable Software and Affected Versions SQLBot versions prior to 1.8.0 Description An Insecure Direct Object Reference IDOR and authorization bypass issue exists in the '/api/v1/datasource/exportDsSchema' and '/api/v1/datasource/uploadDsSchema' endpoints. This allows an attacker to...

8.6CVSS5.8AI score0.00249EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

SQLBot 安全漏洞

SQLBot is an intelligent data querying system developed by DataEase, based on large models and RAG techniques. Versions of SQLBot prior to 1.8.0 contained security vulnerabilities. These vulnerabilities stemmed from cross-workpace IDOR and authorization bypasses in the...

8.6CVSS5.8AI score0.00249EPSS
Exploits1References1
Veracode
Veracode
added 2026/05/11 5:29 p.m.24 views

Directory Traversal

SiYuan is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file paths in the /export endpoint, which allows an attacker to use double-encoded traversal sequences to read arbitrary files and obtain sensitive information...

9.8CVSS7.3AI score0.01028EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2026/05/06 7:48 p.m.5 views

GHSA-XQ9M-HMP9-FW87 wger: CSV/TSV formula injection in gym member export (first_name/last_name)

Summary The gym member TSV export endpoint in wger writes firstname and lastname profile fields verbatim to TSV cells with no formula-prefix sanitization. Any gym member including newly self-registered users can pre-load a spreadsheet formula into their own profile. When a gym admin later exports...

7.4CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2026/04/24 6:56 p.m.30 views

CVE-2026-41894 SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

7.1CVSS0.00313EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/24 6:56 p.m.4 views

CVE-2026-41894 SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

7.1CVSS5.6AI score0.00313EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 8:51 p.m.7 views

GHSA-HJH7-R5W8-5872 SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869)

Summary The fix for CVE-2026-30869 in SiYuan v3.5.10 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding %252e%252e to traverse directories and read arbitrary...

7.1CVSS5.8AI score0.00313EPSS
Exploits0References6
Rows per page
Query Builder