CVE-2024-57761
Summary (CVE-2024-57761): The JeeWMS application contains an arbitrary file upload vulnerability in the parserXML() method that can lead to remote code execution. Affected are JeeWMS versions prior to 2025.01.01; exploitation involves uploading a crafted file to trigger arbitrary code execu...
Adobe Animate Numeric Error Vulnerability
Adobe Animate is a set of Flash animation software from the American company Adobe. A security vulnerability exists in Adobe Animate that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...
PT-2025-3148 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS; TYPO3 versions prior to 12.4.25 LTS; TYPO3 versions prior to 13.4.3 LTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...
PT-2025-3149 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS; TYPO3 versions prior to 12.4.25 LTS; TYPO3 versions prior to 13.4.3 LTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...
PT-2025-2621 · Hcl · Hcl Myxalytics
Name of the Vulnerable Software and Affected Versions: HCL MyXalytics (affected versions not specified). Description: The issue allows cyber-criminals to exploit a session fixation vulnerability by sending crafted URLs with a session token to access the victim's login session. Recommendations: At th...
OESA-2025-1030 python-jinja2 security update
Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...
CVE-2024-54762
Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection...
Moderate: Red Hat Security Advisory: tuned security update
An update for tuned is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
CVE-2023-24012 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDS
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate's validation. This is caused by a...
CVE-2023-28362
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
DEBIAN-CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
UBUNTU-CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
RuoYi Security Vulnerability
RuoYi is a backend management system by the individual developer RuoYi in China. A security vulnerability exists in RuoYi v.4.7.9 and earlier versions, which is caused by the filterKeyword method not completely filtering SQL injection keywords...
Drupal Security Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Swift Mailer, which stems from an exposed dangerous method or function...
CVE-2024-54762
CVE-2024-54762 affects Ruoyi v4.7.9 and earlier. The root cause is in the filterKeyword method, which does not fully filter SQL injection keywords, enabling an authenticated SQL injection risk. The CVSS 3.1 base score is 6.3 (MEDIUM) with network attack vector, low impacts to confidentiality/inte...
PT-2025-3068 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: Ruoyi versions 4.7.9 and earlier. Description: The issue is related to an authenticated SQL injection risk. This occurs because the filterKeyword method does not fully filter SQL injection keywords, leading to a potential SQL injection risk...