20 matches found
CVE-2026-8195 JeecgBoot SVG File CommonController.java cross site scripting
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...
CVE-2025-54620
Deserialization vulnerability of untrusted data in the ability module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-48910
Buffer overflow vulnerability in the DFile module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2023-41300
Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart...
Code injection
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of...
CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of...
PT-2023-27003 · Node.Js +1
Name of the Vulnerable Software and Affected Versions: SES versions 0.13.0 through 0.13.4; SES versions 0.14.0 through 0.14.4; SES versions 0.15.0 through 0.15.23; SES versions 0.16.0 through 0.16.0; SES versions 0.17.0 through 0.17.0; SES versions 0.18.0 through 0.18.6. Description: There is a hole in...
SUSE CVE-2016-1652
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...
SUSE CVE-2016-1672
The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...
SQL Injection
com.mxpio:jeecg-boot-module-system is vulnerable to SQL injection attacks. An attacker is able to execute arbitrary SQL commands via id and realname parameters in queryUserByDepId function...
Sitadel - Web Application Security Scanner
Sitadel is basically an update for WAScan making it compatible for python = 3.4. It allows more flexibility for you to write new modules and implement new features: Frontend framework detection; Content Delivery Network detection; Define Risk Level to allow for scans; Plugin system; Docker image...
CVE-2018-6380
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system...
CVE-2018-6380
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system...
CVE-2016-1672
The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...
UBUNTU-CVE-2016-1672
The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...
chromium-browser: cross-origin bypass in extension bindings
The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...
CVE-2016-1652
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...
UBUNTU-CVE-2016-1652
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...
chromium-browser: UXSS in blink.
Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8contextnativehandler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context...
Security Update for Windows Server 2003 64-bit Itanium Edition (KB901214)
A security issue has been identified in the Color Management Module that could allow an attacker to compromise your Microsoft Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to...