3 matches found
CVE-2026-58319 Apache Doris: Improper Authentication in Frontend HTTP API
Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...
CVE-2025-51965
OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting XSS via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface...
Novel-Plus 注入漏洞
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. An injection vulnerability exists in Novel-Plus version 3.5.0, which stems from improper manipulation of the sort parameter in the /api/front/search/books file, which could lead to an SQL injection attack...