18 matches found

Github Security Blog
added 2026/05/06 12:30 p.m. · 11 views

Apache Wicket has a Path Traversal issue

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

CVSS 6.5 · AI score 5.9 · EPSS 0.00732
Exploits 0 · References 6 · Affected software 1
NVD
added 2026/05/06 10:16 a.m. · 14 views

CVE-2026-43975

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

CVSS 6.5 · EPSS 0.00732
Exploits 0 · References 3
CVE
added 2026/05/06 8:28 a.m. · 25 views

CVE-2026-43975

CVE-2026-43975 affects Apache Wicket via the FolderUploadsFileManager, which fails to validate or sanitize the uploadFieldId parameter or the clientFileName when constructing file paths. This can let an unauthenticated attacker write files outside the intended upload directory or read files from ...

CVSS 6.5 · AI score 5.9 · EPSS 0.00732
Exploits 0 · References 3 · Affected software 1
CNNVD
added 2026/05/06 12:00 a.m. · 11 views

Apache Wicket Path Traversal Vulnerability

Apache Wicket is an open-source, lightweight, component-based web framework maintained by the Apache Software Foundation (United States). It provides an object-oriented approach to building dynamic web UI applications. Versions 8.0.0 to 8.17.0, 9.0.0 to 9.22.0, and 10.0.0 to 10.8.0 of Apache Wick...

CVSS 6.5 · AI score 5.9 · EPSS 0.00732
Exploits 0 · References 1
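The four Apache Wicket entries above all describe the same defect: two client-controlled strings (uploadFieldId and clientFileName) are joined into a filesystem path without validation, so "../" segments or an absolute name escape the upload directory. The following Java snippet is an added illustration of that vulnerability class and its fix; it is not Wicket's code, does not use Wicket's API, and the method names, the upload root, and the field-id allow-list pattern are assumptions chosen for the example.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class UploadPathCheck {

    // Vulnerable pattern (illustrative, not Wicket's implementation): both
    // attacker-controlled strings are concatenated straight into the path, so a
    // clientFileName of "../../../../etc/passwd" or an uploadFieldId of "../config"
    // lands outside uploadRoot once the OS resolves the path.
    static Path unsafeResolve(Path uploadRoot, String uploadFieldId, String clientFileName) {
        return Paths.get(uploadRoot.toString(), uploadFieldId, clientFileName);
    }

    // Hardened version: allow-list the field id, reduce the client name to a bare
    // file name, then verify the normalized result is still beneath the upload root.
    // The allow-list pattern and the 64-character limit are assumptions for this example.
    static Path safeResolve(Path uploadRoot, String uploadFieldId, String clientFileName) {
        if (!uploadFieldId.matches("[A-Za-z0-9_-]{1,64}")) {
            throw new IllegalArgumentException("bad uploadFieldId: " + uploadFieldId);
        }
        // Keep only the last path segment, treating both '/' and '\' as separators,
        // since browsers and some clients send full Windows paths as the file name.
        String name = clientFileName.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..") || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("bad clientFileName: " + clientFileName);
        }
        Path root = uploadRoot.toAbsolutePath().normalize();
        Path target = root.resolve(uploadFieldId).resolve(name).normalize();
        // Belt and braces: even after the checks above, refuse anything that does not
        // stay under the root once ".." segments have been collapsed.
        if (!target.startsWith(root)) {
            throw new IllegalArgumentException("path escapes upload root: " + target);
        }
        return target;
    }

    public static void main(String[] args) {
        Path root = Paths.get("/srv/app/uploads"); // assumed upload root for the demo
        String traversal = "../../../../etc/passwd";

        System.out.println("unsafe: " + unsafeResolve(root, "avatar", traversal).normalize());
        System.out.println("safe:   " + safeResolve(root, "avatar", traversal));
        try {
            safeResolve(root, "../config", "notes.txt");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The startsWith check operates on the lexical path only; if the upload tree can contain symlinks, resolve the root with toRealPath() first and repeat the containment check on the real path of the parent directory before writing. For the read side described in the advisories, apply the same two checks before opening a file for download.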
RedhatCVE
added 2025/11/20 9:36 p.m. · 15 views

CVE-2025-6251

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · AI score 5 · EPSS 0.00162
Exploits 0 · References 1
EUVD
added 2025/11/19 6:31 a.m. · 4 views

EUVD-2025-198115

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · AI score 4.6 · EPSS 0.00162
Exploits 0 · References 3
NVD
added 2025/11/19 4:16 a.m. · 5 views

CVE-2025-6251

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · EPSS 0.00162
Exploits 0 · References 2
Positive Technologies
added 2025/11/19 12:00 a.m. · 6 views

PT-2025-47425

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via $item['field_id'] in all versions up to, and including, 1.7.1036 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · AI score 5 · EPSS 0.00162
Exploits 0 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-47872

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.00894
Exploits 1 · References 2
NVD
added 2025/09/04 12:15 p.m. · 4 views

CVE-2025-41043

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and 'data[AppReportCode][name]' parameters in /apprain/appreport/manage/...

CVSS 5.4 · EPSS 0.00162
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 12:15 a.m. · 9 views

CVE-2022-44945

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter...

CVSS 9.8 · AI score 8.3 · EPSS 0.00894
Exploits 1 · References 1
OSV
added 2022/12/02 8:15 p.m. · 3 views

CVE-2022-44945

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter...

CVSS 9.8 · AI score 5.8 · EPSS 0.00894
Exploits 1 · References 2
Positive Technologies
added 2022/12/02 12:00 a.m. · 2 views

PT-2022-27344 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1. Description: A SQL injection issue was discovered via the heading_field_id parameter. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world...

CVSS 9.8 · AI score 9.7 · EPSS 0.00894
Exploits 1 · References 5
CNNVD
added 2022/12/02 12:00 a.m. · 4 views

Rukovoditel SQL Injection Vulnerability

Rukovoditel is web-based open-source project management software from the Rukovoditel team. It offers project management, customer relationship management, and other features. Rukovoditel v3.2.1 contains a security vulnerability that stems from the heading_field...

CVSS 9.8 · AI score 8.5 · EPSS 0.00894
Exploits 1 · References 3
CNNVD
added 2022/06/14 12:00 a.m. · 3 views

Product Show Room Site SQL Injection Vulnerability

Product Show Room Site is a product showroom site by the individual developer Carlo Montero. Version 1.0 of Product Show Room Site contains a SQL injection vulnerability that originates in the /psrs/admin/fields/manage_field.php?id= page. Through this SQL injection issue, an attacker can use this...

CVSS 7.2 · AI score 6 · EPSS 0.00888
Exploits 1 · References 2
OSV
added 2021/08/17 8:15 p.m. · 5 views

CVE-2020-13588

An exploitable SQL injection vulnerability exists in the 'entities/fields' page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in the 'entities/fields' page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...

CVSS 8.8 · AI score 6.3
Exploits 0 · References 1
Positive Technologies
added 2021/08/17 12:00 a.m. · 6 views

PT-2021-9654 · Unknown · Rukovoditel Project Management App

Name of the Vulnerable Software and Affected Versions: Rukovoditel Project Management App version 2.7.2. Description: An exploitable SQL injection issue exists in the 'entities/fields' page. The heading_field_id parameter in this page is vulnerable to authenticated SQL injection. An attacker can...

CVSS 8.8 · AI score 6.2 · EPSS 0.00968
Exploits 1 · References 2
OSV
added 2018/01/25 11:29 p.m. · 3 views

CVE-2016-10710

Biscom Secure File Transfer SFT 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix...

CVSS 8.1 · AI score 5.8 · EPSS 0.01134
Exploits 1 · References 1