1077 matches found
PT-2026-24843
Name of the Vulnerable Software and Affected Versions xierongwkhd weimai-wetapp versions prior to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Description A security issue exists in xierongwkhd weimai-wetapp. The getAdmins function within the file source-code/src/main/java/com/moke/wp/wx...
PT-2026-24663
Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under certain circumstances...
weimai-wetapp SQL注入漏洞
Weimai-Wetapp is a movie ticket purchasing mini-program and backend management system developed by MO-KE individuals. Weimai-Wetapp has a SQL injection vulnerability, which stems from incorrect handling of the keyword parameter in the getAdmins function of the...
Improper Check for Unusual or Exceptional Conditions
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the Utils class. An attacker can bypass configured keyword...
EUVD-2026-10547
Parse Server has denylist requestKeywordDenylist keyword scan bypass through nested object placement...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.12 and 9.5.1-alpha.1. These vulnerabilities stemmed from logical flaws in the...
PT-2026-24187
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.12 Parse Server versions prior to 9.5.1-alpha.1 Description A logic flaw in the requestKeywordDenylist security control allows bypassing restrictions by placing nested objects or arrays before prohibited...
CVE-2026-3672
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the isExistSqlInjectKeyword function. An attacker can execute unauthorized SQL commands by submitting crafted input to this endpoint. Remediation There is no fixed version for...
CVE-2026-3672 JeecgBoot getDictItems isExistSqlInjectKeyword sql injection
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...
CVE-2025-52476
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to improper sanitization of the keywordactive parameter in admin/userlist.php. This issue has been patched in version 1.11.30...
CVE-2025-52475 Chamilo: Reflected XSS via keyword_inactive parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/userlist.php endpoint. The keywordinactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...
CVE-2025-52475
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/userlist.php endpoint. The keywordinactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...
CVE-2025-52475 Chamilo: Reflected XSS via keyword_inactive parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/userlist.php endpoint. The keywordinactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...
CVE-2025-52475
CVE-2025-52475 affects Chamilo LMS before 1.11.30. A reflected XSS exists in the admin/user_list.php endpoint where the keyword_inactive parameter is not properly sanitized, allowing an attacker to inject JavaScript via a crafted URL. The issue is patched in version 1.11.30. No exploitation detai...
EUVD-2025-208176
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/userlist.php endpoint. The keywordinactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...
CVE-2025-52475 Chamilo: Reflected XSS via keyword_inactive parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability in the admin/userlist.php endpoint. The keywordinactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...
CVE-2025-52476
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to improper sanitization of the keywordactive parameter in admin/userlist.php. This issue has been patched in version 1.11.30...
CVE-2025-52476 Chamilo: Reflected XSS via keyword_active parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to improper sanitization of the keywordactive parameter in admin/userlist.php. This issue has been patched in version 1.11.30...
CVE-2025-52476 Chamilo: Reflected XSS via keyword_active parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to improper sanitization of the keywordactive parameter in admin/userlist.php. This issue has been patched in version 1.11.30...