86 matches found
HCL Leap Security Vulnerability
HCL Leap is a low-code development platform from HCL India. HCL Leap has a security vulnerability that stems from an inadequate cleanup policy that could lead to client-side script injection...
HCL Leap Security Vulnerability
HCL Leap is a low-code development platform from HCL India. HCL Leap has a security vulnerability that stems from an inadequate default configuration that allows anonymous access to directory information...
HCL Leap Security Vulnerability
HCL Leap is a low-code development platform from HCL India. A security vulnerability exists in HCL Leap, which stems from the lack of a no cache header, which could lead to user directory information being cached...
HCL Leap Security Vulnerability
HCL Leap is a low-code development platform from HCL India. HCL Leap has a security vulnerability that stems from an insufficient whitelisting of the URI protocol, which allows scripts to be injected via query parameters...
HCL Leap Security Vulnerability
HCL Leap is a low-code development platform from HCL India. HCL Leap suffers from a security vulnerability that stems from the lack of a no cache header, which could lead to sensitive data being cached...
HCL Leap Security Vulnerability
HCL Leap is a low-code development platform from HCL India. HCL Leap has a security vulnerability that stems from multiple vectors that allow injection of client-side scripts in the authoring environment and deployed applications...
JeecgBoot Security Vulnerability
JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. A security vulnerability exists in JeecgBoot version v.3.7.2, which originated from the inclusion of a SQL injection vulnerability that allows remote attackers to obtain sensitive information vi...
Scriptcase Security Vulnerability
Scriptcase is a low-code platform for rapid application development from Scriptcase, Inc. A security vulnerability exists in Scriptcase v9.10.023 and earlier versions that stems from vulnerability to cross-site scripting (XSS) attacks...
CVE-2024-7071
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0...
CVE-2024-7071
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0...
CVE-2024-7071
The issue is a SQL Injection vulnerability in Brain Low-Code (Hibernate component) caused by improper neutralization of special elements in SQL commands. Affected versions are Brain Low-Code before 2.1.0. The vulnerability arises within the Hibernate integration, enabling unauthenticated SQL inje...
CVE-2024-7071 Unauthenticated SQLi in Brain Information Technologies' Brain Low-Code
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0...
Brain Low-Code SQL Injection Vulnerability
Brain Low-Code is a software development platform from Brain Low-Code that requires little to no coding to build applications and processes. An SQL injection vulnerability exists in versions of Brain Low-Code prior to 2.1.0. No information about this vulnerability is available at this time, so st...
PT-2024-38060 · Unknown +1 · Brain Low-Code +1
Name of the Vulnerable Software and Affected Versions: Brain Low-Code versions prior to 2.1.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability affects the Hibernate component in Brain...
MindsDB Cross-Site Scripting Vulnerability (CNVD-2024-26182)
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. MindsDB suffers from a cross-site scripting vulnerability. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute...
IBM Cloud Pak for Automation CSV Injection Vulnerability
IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from International Business Machines (IBM). The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and...
PandaX Code Issues Vulnerabilities
PandaX is an open-source Go low-code development framework for enterprise IoT platforms from PandaX Open Source. A code issue vulnerability exists in PandaX version 20240310 and prior versions, in which incorrect manipulation of the parameter file can lead to unrestricted file...
PandaX SQL Injection Vulnerability
PandaX is an open-source Go low-code development framework for enterprise IoT platforms from PandaX Open Source. An SQL injection vulnerability exists in PandaX version 20240310 and earlier versions, in which incorrect manipulation of the parameter roleKey can lead to sql...
Unmasking the Dark Side of Low-Code/No-Code Applications
Low-code/no-code (LCNC) and robotic process automation (RPA) have gained immense popularity, but how secure are they? Is your security team paying enough attention in an era of rapid digital transformation, where business users are empowered to create applications swiftly using platforms like Microso...
jeecg-boot Security Vulnerabilities
Jeecg-Boot is a code generator based low-code platform from the JeecgBoot community. A security vulnerability exists in jeecg-boot version v.3.6.0, which stems from the presence of a directory traversal vulnerability. An attacker can exploit the vulnerability to obtain sensitive information throu...