11652 matches found
wtcms 安全漏洞
wtcms is a ThinkPHP-based content management system CMS. A cross-site scripting vulnerability exists in version 1.0 of wtcms, which stems from unprocessed application parameters in the plupload method in the file AssetController.class.php, and can be exploited by an attacker to execute arbitrary...
CVE-2024-48228
An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting XSS...
CVE-2024-48234
The CVE-2024-48234 issue affects mipjz 5.0.5. In the push method of app\tag\controller ApiAdminTag.php, the postAddress parameter is not validated and is passed directly to curl_exec, enabling server-side request forgery (SSRF) that can read server files. Red Hat and NVD entries confirm the same ...
CVE-2024-48238
WTCMS 1.0 is vulnerable to SQL Injection in the editpost method of /Admin\Controller\NavControl.class.php via the parentid parameter...
CVE-2023-50310
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...
SSRF via POST /api/proxy
This report is not public...
CVE-2024-50042
In the Linux kernel, the following vulnerability has been resolved: ice: Fix increasing MSI-X on VF Increasing MSI-X value on a VF leads to invalid memory operations. This is caused by not reallocating some arrays. Reproducer: modprobe ice echo 0 /sys/bus/pci/devices/$PFPCI/sriovdriversautoprobe...
CVE-2024-49860
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method Only buffer objects are valid return values of STR. If something else is returned descriptionshow will access invalid memory...
AZL-50833 CVE-2024-49860 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method Only buffer objects are valid return values of STR. If something else is returned descriptionshow will access invalid memory...
DEBIAN-CVE-2024-49860
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method Only buffer objects are valid return values of STR. If something else is returned descriptionshow will access invalid memory...
GHSA-7PP4-388X-2XQJ SQL injection in funadmin
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \app\backend\controller\auth\Auth.php...
CVE-2024-49860
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method Only buffer objects are valid return values of STR. If something else is returned descriptionshow will access invalid memory...
CVE-2024-49860 ACPI: sysfs: validate return type of _STR method
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method Only buffer objects are valid return values of STR. If something else is returned descriptionshow will access invalid memory...
CVE-2024-49860 ACPI: sysfs: validate return type of _STR method
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method Only buffer objects are valid return values of STR. If something else is returned descriptionshow will access invalid memory...
CVE-2024-48231
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...
CVE-2024-48231
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...
FunAdmin SQL注入漏洞
FunAdmin is FunAdmin open source a lightweight and high-color backend development system based on ThinkPHP6+Layui development. A security vulnerability exists in FunAdmin version 5.0.2, which stems from a SQL injection vulnerability in the selectFields parameter of the index method of...
CVE-2024-48231
CVE-2024-48231 affects Funadmin 5.0.2. The vulnerability is an SQL Injection in the backend/auth/Auth.php: the index() method mishandles the selectFields parameter, enabling manipulation of database queries. This is confirmed across multiple sources (Veracode, Snyk, GHSA, OSV, NVD) describing a S...
CVE-2024-48231
Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php...
Schneider Electric EcoStruxure Data Center Expert XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the exportSvg method. Due to...