8 matches found
CVE-2026-54917
CVE-2026-54917 affects SeaweedFS prior to 4.30. The S3 gateway and Iceberg REST catalog gateway construct routers with mux.NewRouter().SkipClean(true); when path cleaning is disabled, a .. segment in URLs can survive routing (example: GET /bucket-A/../evil-bucket/key) and be parsed as a valid buc...
CVE-2021-47824 iDailyDiary 4.30 - Denial of Service (PoC)
iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buffer into the default diary tab name to trigger an application crash...
CVE-2021-47824
CVE-2021-47824 affects iDailyDiary 4.30. A denial-of-service condition occurs when an attacker pastes a 2,000,000-character buffer into the default diary tab name (preferences tab name). This input overflows the field and crashes the application (local vector in the PoC context). Some sources men...
CVE-2023-35041
Cross-Site Request Forgery CSRF vulnerability leading to Local File Inclusion LF in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin = 4.34.0 versions...
CVE-2024-2590
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/selectsend.php, in the 'sdindex' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...
CVE-2023-2800
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0...
nopCommerce 跨站脚本漏洞
nopCommerce is an open source e-commerce shopping cart software. A reflective cross-site scripting vulnerability exists in the Discount Coupon component in nopCommerce 4.30. An attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...
CVE-2020-17505
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...