
26 matches found

EUVD
added 2026/05/17 10:45 a.m. | 7 views

EUVD-2026-30694

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. Th...

CVSS 6.9 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 4

CNNVD
added 2026/03/06 12:00 a.m. | 3 views

Idno Operating System Command Injection Vulnerability

Idno is a social content publishing platform developed by Idno OpenSource. Versions of Idno prior to 1.6.4 contained a vulnerability related to operating system command injection. This vulnerability stemmed from write operations on linked import files and path traversal through templates, which...

CVSS 8.6 | AI score 6.2 | EPSS 0.00644
Exploits: 1 | References: 2

OSV
added 2026/02/01 1:15 p.m. | 0 views

CVE-2021-47912

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...

CVSS 5.4 | AI score 5.8 | EPSS 0.00057
Exploits: 1 | References: 4

EUVD
added 2026/02/01 12:15 p.m. | 2 views

EUVD-2021-34759

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...

CVSS 6.4 | AI score 5.9 | EPSS 0.00057
Exploits: 1 | References: 4

Vulnrichment
added 2026/02/01 12:15 p.m. | 1 view

CVE-2021-47912 PHP Melody 3.0 Non-Persistent Cross-Site Scripting via Multiple Parameters

PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions...

CVSS 6.4 | AI score 5.2 | EPSS 0.00057
Exploits: 1 | References: 4

CNNVD
added 2026/02/01 12:00 a.m. | 4 views

PHPSUGAR PHP Melody Cross-Site Scripting Vulnerability

PHPSUGAR PHP Melody is a content management system developed by PHPSUGAR. The PHPSUGAR PHP Melody 3.0 version has a cross-site scripting vulnerability. This vulnerability stems from multiple non-persistent cross-site scripting vulnerabilities present in category, import, and user import files,...

CVSS 6.4 | AI score 5.6 | EPSS 0.00057
Exploits: 1 | References: 4

RedhatCVE
added 2026/01/09 8:49 a.m. | 11 views

CVE-2021-22201

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server...

CVSS 9.6 | AI score 6.3 | EPSS 0.0899
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2021-30708

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.0029
Exploits: 1 | References: 2

Snyk
added 2025/03/20 12:32 p.m. | 2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the /3/ImportFiles endpoint. An attacker can cause the server to repeatedly call its own endpoint, eventually filling up the request queue and leaving the server unable to handle other requests by recursively...

CVSS 8.7 | AI score 7.1 | EPSS 0.00509
Exploits: 1 | References: 2

OSV
added 2023/11/16 5:15 p.m. | 3 views

CVE-2023-6038

A Local File Inclusion LFI vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...

CVSS 7.5 | AI score 6 | EPSS 0.63282
Exploits: 1 | References: 1

CNVD
added 2022/10/13 12:00 a.m. | 23 views

Cross-site Request Forgery Vulnerability in Import Files Function of Multiple Siemens Products

Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site request forgery vulnerability exists in several Siemens products, stemming from a lack of validation of anti-CSRF tokens or other source checks in the Import Files feature of the "Operation" Web...

AI score 2.7 | EPSS 0.00083
Exploits: 0

OSV
added 2022/10/11 11:15 a.m. | 2 views

CVE-2022-40180

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 1

ATTACKERKB
added 2022/10/11 11:15 a.m. | 1 view

CVE-2022-40178

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

CVSS 5.4 | AI score 6.3 | EPSS 0.002
Exploits: 0 | References: 2

ATTACKERKB
added 2022/10/11 11:15 a.m. | 1 view

CVE-2022-40180

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

CVSS 5.3 | AI score 6.2 | EPSS 0.00083
Exploits: 0 | References: 2

OSV
added 2022/10/11 11:15 a.m. | 1 view

CVE-2022-40178

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

CVSS 5.4 | AI score 6
Exploits: 0 | References: 1

CNNVD
added 2022/10/11 12:00 a.m. | 2 views

Cross-Site Request Forgery Vulnerability in Multiple Siemens Products

Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site request forgery vulnerability exists in several Siemens products, stemming from a lack of validation of anti-CSRF tokens or other source checks in the Import Files feature of the "Operation" Web...

CVSS 5.3 | AI score 7 | EPSS 0.00083
Exploits: 0 | References: 5

wpexploit
added 2022/04/25 12:00 a.m. | 135 views

Gmedia Photo Gallery < 1.20.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed https://youtu.be/kTMg65teTvU Create ...

CVSS 4.8 | AI score 0.3 | EPSS 0.00351
Exploits: 2

CNVD
added 2021/12/16 12:00 a.m. | 16 views

PatrOwl privilege management error vulnerability

PatrOwl is a scalable, free and open source solution for orchestrating secure operations. patrOwl is vulnerable to a privilege management error, which could be exploited by an attacker to download all lookup import files...

CVSS 7.5 | AI score 3.4 | EPSS 0.0029
Exploits: 1 | References: 1

OSV
added 2021/12/14 8:15 p.m. | 8 views

CVE-2021-43828

PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management IDOR has been found in PatrowlManager. All imports findings file is placed under /media/imports// In that, ownerid is predictable and tmpfile is in format o...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 2

CNNVD
added 2021/12/14 12:00 a.m. | 2 views

PatrOwl Security Vulnerability

PatrOwl is a scalable, free and open source solution for orchestrating secure operations. patrOwl is vulnerable to a privilege management error, which could be exploited by an attacker to download all lookup import files...

CVSS 7.5 | AI score 5.6 | EPSS 0.0029
Exploits: 1 | References: 2