43 matches found
EUVD-2024-47731
Malicious code in bioql PyPI...
EUVD-2024-47730
Malicious code in bioql PyPI...
EUVD-2024-47732
Malicious code in bioql PyPI...
EUVD-2024-47727
Malicious code in bioql PyPI...
CVE-2024-6680
A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...
CVE-2024-6679
A vulnerability classified as critical has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected is an unknown function of the file /api/role. The manipulation of the argument params.dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has be...
CVE-2024-40542
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...
CVE-2024-40539
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...
CVE-2024-40540
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...
CVE-2024-6681
A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...
CVE-2024-6676
A vulnerability has been found in witmy my-springsecurity-plus up to 2024-07-03 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/user. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched...
CVE-2024-40541
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...
CVE-2024-40539
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...
CVE-2024-40541
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...
CVE-2024-40540
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...
CVE-2024-40541
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...
CVE-2024-40539
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...
CVE-2024-40540
CVE-2024-40540 affects my-springsecurity-plus prior to version 2024.07.03. The vulnerability is a SQL injection via the dataScope parameter in /api/dept. Reports from Red Hat and other sources confirm the same description across multiple feeds. The CVSS metrics indicate high impact to confidentia...
CVE-2024-40541
my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...
PT-2024-28906 · Unknown · My-Springsecurity-Plus
Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the dataScope parameter at the "/api/dept/build" API endpoint. Recommendations: F...