639 matches found

Vulnrichment
added 2023/05/08 12:0 a.m. · 5 views

CVE-2023-30788

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people/add endpoint and nickName, description, lastName, middleName and firstName parameter...

7.2 AI score · 0.00643 EPSS
Exploits: 1 · References: 2

Huntr
added 2023/05/02 8:59 a.m. · 21 views

Reflected XSS at search_query[] query string

Description Reflected XSS Cross-Site Scripting is a common web security vulnerability that can occur when a user inputs malicious Javascript syntax into the search field. The search function allows users to look for content on the website, and the search keywords are appended to the URL query...

5.8 CVSS · 6.6 AI score · 0.0062 EPSS
Exploits: 1

NVD
added 2023/04/24 5:15 p.m. · 23 views

CVE-2023-30613

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded...

9 CVSS · 8.2 AI score · 0.01024 EPSS
Exploits: 1 · References: 4

OSV
added 2023/04/24 4:29 p.m. · 26 views

CVE-2023-30613 Kiwi TCMS unrestricted file upload vulnerability

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded...

8.1 CVSS · 8.7 AI score · 0.01024 EPSS
Exploits: 1 · References: 6

Veracode
added 2023/04/11 2:23 a.m. · 14 views

Code Injection

apache-airflow-providers-apache-hive is vulnerable to Code Injection. The vulnerability exists because of the improper control of the hook parameters in the library, which allows an attacker to inject and execute malicious code...

9.8 CVSS · 9.1 AI score · 0.02765 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

CNVD
added 2023/03/11 12:0 a.m. · 28 views

Apache Dubbo code issue vulnerability (CNVD-2023-23551)

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A security vulnerability exists i...

9.8 CVSS · 9.3 AI score · 0.04847 EPSS
Exploits: 3 · References: 1

Veracode
added 2023/03/09 12:49 p.m. · 62 views

Remote Code Execution (RCE)

org.apache.dubbo:dubbo-common is vulnerable to Remote Code Execution RCE. The vulnerability is due to a lack of class validation when deserializing untrusted user input which allows an attacker to upload and execute malicious code...

9.8 CVSS · 9.4 AI score · 0.04847 EPSS
Exploits: 3 · References: 8 · Affected Software: 1

Github Security Blog
added 2023/03/08 12:30 p.m. · 27 views

Apache Dubbo vulnerable to Deserialization of Untrusted Data

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions...

9.8 CVSS · 9.2 AI score · 0.04847 EPSS
Exploits: 3 · References: 3 · Affected Software: 1

NVD
added 2023/03/08 11:15 a.m. · 17 views

CVE-2023-23638

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions...

9.8 CVSS · 7.5 AI score · 0.04847 EPSS
Exploits: 3 · References: 1

Veracode
added 2022/12/22 6:43 a.m. · 20 views

Arbitrary Code Execution

vm2 is vulnerable to arbitrary code execution. Improper use of prototype lookup for the WeakMap.prototype.set method allows remote attackers to inject and execute malicious code on the system...

9.8 CVSS · 9.6 AI score · 0.01425 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2022/12/22 12:0 a.m. · 6 views

CVE-2022-34482

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...

5.8 AI score · 0.00715 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2022/12/16 12:0 a.m. · 40 views

Oracle Linux 8 : ELSA-2022-9067-1: / firefox (ELSA-2022-90671)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90671 advisory. 102.6.0-1.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the...

9.8 CVSS · 7.9 AI score · 0.00921 EPSS
Exploits: 0 · References: 7

NVD
added 2022/11/04 1:15 p.m. · 28 views

CVE-2022-41669

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3...

7.8 CVSS · 0.0011 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2022/11/04 12:0 a.m. · 7 views

CVE-2022-41671

A CWE-89: Improper Neutralization of Special Elements used in SQL Command ‘SQL Injection’ vulnerability exists that allows adversaries with local user privileges to craft a malicious SQL query and execute as part of project migration which could result in execution of malicious code. Affected...

7 CVSS · 7.4 AI score · 0.0025 EPSS
Exploits: 0 · References: 1

CNNVD
added 2022/11/04 12:0 a.m. · 5 views

Nokia ASIK AirScale 5G Common System Module security vulnerability

The Nokia ASIK AirScale 5G Common System Module is a common system unit from Nokia, Finland. A security vulnerability exists in Nokia ASIK AirScale 5G Common System Module version 474021A.101, which stems from a signature check that can be bypassed to allow an attacker to run modified firmware...

8.4 CVSS · 7.8 AI score · 0.00217 EPSS
Exploits: 0 · References: 3

Github Security Blog
added 2022/10/19 12:0 p.m. · 23 views

Hessian Lite for Apache Dubbo deserialization vulnerability

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...

9.8 CVSS · 9.2 AI score · 0.02351 EPSS
Exploits: 0 · References: 7 · Affected Software: 2

Vulnrichment
added 2022/10/18 12:0 a.m. · 8 views

CVE-2022-39198 Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass

A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...

7.6 AI score · 0.02351 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/10/18 12:0 a.m. · 4 views

PT-2022-24799 · Apache · Apache Dubbo +1

Name of the Vulnerable Software and Affected Versions: Apache Dubbo versions 2.7.17 and prior Apache Dubbo versions 3.0.11 and prior Apache Dubbo versions 3.1.0 and prior dubbo hessian-lite versions 3.2.12 and earlier Description: A deserialization vulnerability existed in dubbo hessian-lite, whi...

9.8 CVSS · 9.3 AI score · 0.02351 EPSS
Exploits: 0 · References: 12

CNVD
added 2022/09/19 12:0 a.m. · 11 views

Adobe Photoshop Resource Management Error Vulnerability (CNVD-2023-54548)

Adobe Photoshop is an application developed and distributed by Adobe for image processing. A security vulnerability exists in Adobe Photoshop that could lead to the execution of arbitrary code in the context of the current user. An attacker can exploit the vulnerability to execute malicious code...

7.8 CVSS · 7.4 AI score · 0.0052 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2022/09/06 12:0 a.m. · 4 views

CVE-2022-36042 Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execu...

7.8 CVSS · 7.7 AI score · 0.00355 EPSS
Exploits: 0 · References: 4