Lucene search
K

8 matches found

CVE
CVE
added 2026/06/25 6:41 p.m.19 views

CVE-2026-54917

CVE-2026-54917 affects SeaweedFS prior to 4.30. The S3 gateway and Iceberg REST catalog gateway construct routers with mux.NewRouter().SkipClean(true); when path cleaning is disabled, a .. segment in URLs can survive routing (example: GET /bucket-A/../evil-bucket/key) and be parsed as a valid buc...

10CVSS5.9AI score0.00345EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/01/16 7:9 p.m.21 views

CVE-2021-47824 iDailyDiary 4.30 - Denial of Service (PoC)

iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash...

7.5CVSS0.00304EPSS
Exploits0References3
CVE
CVE
added 2026/01/16 7:9 p.m.11 views

CVE-2021-47824

CVE-2021-47824 affects iDailyDiary 4.30. A denial-of-service condition occurs when an attacker pastes a 2,000,000-character buffer into the default diary tab name (preferences tab name). This input overflows the field and crashes the application (local vector in the PoC context). Some sources men...

7.5CVSS6.5AI score0.00304EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 3:57 a.m.8 views

CVE-2023-35041

Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...

8.8CVSS7AI score0.00316EPSS
Exploits0
OSV
OSV
added 2024/03/18 2:15 p.m.6 views

CVE-2024-2590

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/selectsend.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...

7.5CVSS5.9AI score0.00523EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/05/18 5:15 p.m.3 views

CVE-2023-2800

Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0...

4.7CVSS5.8AI score0.00282EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/02/08 12:0 a.m.7 views

nopCommerce 跨站脚本漏洞

nopCommerce is an open source e-commerce shopping cart software. A reflective cross-site scripting vulnerability exists in the Discount Coupon component in nopCommerce 4.30. An attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...

6.1CVSS6.3AI score0.01101EPSS
Exploits1References2
OSV
OSV
added 2020/08/12 5:15 p.m.6 views

CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

8.8CVSS7.4AI score0.82165EPSS
Exploits4References2
Rows per page
Query Builder