CVE-2021-22723

A CWE-79: Improper Neutralization of Input During Web Page Generation Cross-siteScripting through Cross-Site Request Forgery CSRF vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and...

CVE-2021-22377

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious...

CVE-2023-31245

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redire...

EUVD-2021-9523

Malicious code in bioql PyPI...

EUVD-2025-9897

Malicious code in bioql PyPI...

CVE-2024-54660

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the...

CVE-2024-45199

insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code executi...

CVE-2024-55551

An issue was discovered in Exasol JDBC driver before 24.2.1 2024-12-10. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution...

CVE-2024-55551

An issue was discovered in Exasol JDBC driver before 24.2.1 2024-12-10. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution...

Apache Linkis Input Validation Error Vulnerability

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis versions prior to 1.7.0, which stems from the lac...

CVE-2024-26579

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick 1, 2 to solve it. 1...

CVE-2024-45627

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

Apache Linkis 安全漏洞

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis versions prior to 1.7.0, which stems from the lac...

PT-2025-19377 · Debian · Request-Tracker4 +1

Name of the Vulnerable Software and Affected Versions: Debian Linux request-tracker4 affected versions not specified Description: The issue concerns a Cross Site Scripting vulnerability via injection of malicious parameters in a search URL. Recommendations: At the moment, there is no information...

CVE-2024-50584 SQL Injection

An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/templateio.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the...

CVE-2024-25724

The vulnerability CVE-2024-25724 affects RTI Connext® Professional versions 5.3.1 through 6.1.0, with a buffer overflow in XML parsing across Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service. The underlying issue allows an attacker to execute code with the privileg...

Apache Inlong Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0. The attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick 1, 2 to solve it. 1...

CVE-2024-26579 Apache Inlong JDBC Vulnerability

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick 1, 2 to solve it. 1...

SAP Business Connector 跨站脚本漏洞

SAP Business Connector is a middleware from SAP, Germany. A cross-site scripting vulnerability exists in SAP Business Connector version 4.8, which can be exploited by an attacker to add malicious GET query parameters to a service call to conduct a reflective cross-site scripting attack...

Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85617)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow Spark Provider...