Command Execution Vulnerability in JeecgBoot of Beijing Oberweis Technology Co.
JeecgBoot is an enterprise-grade, low-code platform. JeecgBoot has a command execution vulnerability that can be exploited by an attacker to gain control of the server...
Unspecified Vulnerability in Oracle Application Express
Oracle Application Express is a low-code development platform from Oracle, United States. A security vulnerability exists in the Application Express Customers Plugin for Oracle Application Express, which can be exploited by an attacker to cause the Application Express Customers Plugin to be...
Microsoft Power Apps Security Vulnerability
Microsoft Power Apps is a low-code development platform from Microsoft Corporation USA designed to help users easily build customized enterprise applications. A security vulnerability exists in Microsoft Power Apps. An attacker exploited the vulnerability to perform spoofing attacks...
Microsoft Power Apps Security Vulnerability
Microsoft Power Apps is a low-code development platform from Microsoft Corporation USA designed to help users easily build customized enterprise-class applications. A security vulnerability exists in Microsoft Power Apps that stems from the presence of a spoofing vulnerability...
Siemens Mendix Forgot Password Module Information Disclosure Vulnerability
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. An information disclosure vulnerability exists in the Siemens Mendix Forgot Password module. The vulnerability stems from the fact that the...
CVE-2023-29010
Budibase is a low-code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action...
CVE-2023-29010
CVE-2023-29010 affects Budibase: versions prior to 2.4.3 are vulnerable to Server-Side Request Forgery (SSRF) that can lead to exposure of an AWS secret key. The advisory notes that Budibase cloud users need to take no action, while self-hosted deployments on public internet with metadata-accessi...
Jeecg-Boot SQL Injection Vulnerability
Jeecg-Boot is a low-code platform based on a code generator from the JeecgBoot community. Jeecg-Boot version 3.5.0 suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to perform a SQL injection attack...
jeecg-boot suffers from a SQL injection vulnerability (CNVD-2022-43846)
JeecgBoot is a low-code BPM-based platform. jeecg-boot suffers from a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive information about a database...
Jeecg-Boot Cross-Site Scripting Vulnerability
Jeecg-Boot is a low-code platform based on the code generator from the JeecgBoot community. Jeecg-Boot 3.0 has a security vulnerability that stems from a cross-site script in /jeecg-boot/jmreport/view that causes a mouse hover event. No details of the vulnerability are currently available...
Siemens Mendix incorrect access control vulnerability
Siemens Mendix is a low-code application development platform from Siemens, Germany. The platform provides application development, testing, deployment, and iteration capabilities. Siemens Mendix contains a security vulnerability that could be exploited by an attacker to retrieve information abou...
Siemens Mendix Security Feature Issue Vulnerability
Siemens Mendix is a low-code application development platform from Siemens, Germany. The platform provides application development, testing, deployment, and iteration capabilities. Siemens Mendix contains a security vulnerability that could be exploited by an attacker to retrieve information abou...
Jeecg-boot SQL Injection Vulnerability
Jeecg-Boot is a low-code platform based on the code generator from the JeecgBoot community. Jeecg-boot is vulnerable to SQL injection, which stems from a code parameter in /sys/user/queryUserComponentData that was found to be vulnerable to SQL injection. No detailed vulnerability details are...
JeecgBoot SQL Injection Vulnerability
JeecgBoot is a Java low-code platform for enterprise Web applications in China. A SQL injection vulnerability exists in JeecgBoot version 3.0, which stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to...
Siemens Mendix incorrect authorization vulnerability
Siemens Mendix is a low-code application development platform from Siemens, a German company. The platform provides application development, testing, deployment and iteration. Siemens Mendix contains a security vulnerability...
Siemens Mendix Information Disclosure Vulnerability
A security vulnerability exists in Siemens Mendix, a low-code application development platform from Siemens, Germany. The vulnerability stems from the fact that applications built with the affected version of Mendix Studio Pro do not prevent the caching of file documents when opening or downloadi...
Siemens Mendix Access Check Bypass Vulnerability
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. A security vulnerability exists in Siemens Mendix, which can be exploited by an attacker to bypass write access checks on properties of the...
Siemens Mendix Security Vulnerability
Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment and iteration. A security vulnerability exists in Siemens Mendix, which can be exploited by an attacker to bypass write access checks on properties of the...
SQL Injection Vulnerability in Jeecg Boot of Beijing Guo Torch Information Technology Co.
Jeecg Boot is a low-code BPM-based platform. A SQL injection vulnerability exists in Jeecg Boot, which can be exploited by an attacker to obtain sensitive database information...
Microsoft Teams: Very Bad Tabs Could Have Led to BEC
Attackers could have stepped through a yawning security hole in the Microsoft Teams chat service that would have let them masquerade as a targeted company’s employee, by reading and sending email on their behalf. On Monday, Tenable’s Evan Grant explained in a post that he found the bug in Microso...