11618 matches found
CVE-2025-14190
A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...
CVE-2025-14190 Chanjet TPlus sql injection
A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...
CVE-2025-14190 Chanjet TPlus sql injection
A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...
Fixed in Apache Tomcat 9.0.113
Low: Security constraint bypass CVE-2026-24733 Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification invalid HEAD...
CVE-2025-27935
The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.0
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotatio...
CVE-2025-27935
The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...
CVE-2025-27935
The CVE-2025-27935 issue concerns the OTP Integration Kit for PingFederate. According to connected sources, it fails to enforce HTTP method validation and state validation, allowing the server to advance authentication without verifying the OTP and effectively bypassing multi-factor authenticatio...
EUVD-2025-201281
The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...
CVE-2025-27935 Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit
The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...
org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions...
org.springframework.security/spring-security-core: Spring Security authorization bypass
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...
Ping Identity One-Time Passcode Integration Kit for PingFederate 安全漏洞
Ping Identity One-Time Passcode Integration Kit for PingFederate is a suite of software tools and adapters from Ping Identity USA. A security vulnerability exists in Ping Identity One-Time Passcode Integration Kit for PingFederate that stems from not properly validating the HTTP method and state,...
PT-2025-49017
Name of the Vulnerable Software and Affected Versions Seafile version 12.0.10 Description A stored Cross-Site Scripting XSS issue exists in Seafile. This allows an attacker to execute arbitrary code in a victim’s browser. The issue is caused by storing malicious payloads with the name parameter i...
PT-2025-49136
The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication...
EUVD-2024-32452
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...
CVE-2024-3884
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...
Exposed Dangerous Method or Function
Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...
Exposed Dangerous Method or Function
Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...
Unbreakable Enterprise kernel security update
5.15.0-314.193.5.5 - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38705933 CVE-2025-40019...