CVE-2026-8114 JeecgBoot JSON Object loadTreeData sql injection

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The explo...

CVE-2026-8114

CVE-2026-8114 affects JeecgBoot up to 3.9.1, targeting the file path /sys/dict/loadTreeData in the JSON Object Handler. The vulnerability stems from manipulation of an input argument in that function, enabling SQL injection. The issue is remote in nature, with a publicly available exploit noted i...

CVE-2026-41145

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...

CVE-2026-41145

MinIO contains an authentication bypass in the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path, affecting releases prior to RELEASE.2026-04-11T03-20-12Z. An attacker with a valid access key (including default minioadmin or any key with WRITE on a bucket) can write objects to any bucket without a val...

CVE-2026-41145 MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...

Improper Authentication

Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Improper Authentication via the PutObjectHandler and PutObjectPartHandler function. An attacker can gain unauthorized write access to...

Missing Authentication for Critical Function

Overview github.com/minio/minio/cmd is an open source object storage server compatible with Amazon S3 APIs. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the PutObjectExtractHandler, PutObjectHandler, and PutObjectPartHandler function. An...

CVE-2023-7333

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...

GHSA-P3JP-7GJ7-H6PR records-mover Injection vulnerability

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes SQL Injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...

SQL Injection

Overview records-mover is a Records mover is a command-line tool and Python library you can use to move relational data from one place to another. Affected versions of this package are vulnerable to SQL Injection via the Table Object Handler component. An attacker can execute arbitrary SQL comman...

CVE-2023-7333 bluelabsio records-mover Table Object sql injection

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...

CVE-2023-7333

The CVE-2023-7333 issue affects bluelabsio/records-mover

PT-2026-1689

Name of the Vulnerable Software and Affected Versions bluelabsio records-mover versions up to 1.5.4 Description A weakness exists in bluelabsio records-mover. The issue is related to a SQL injection affecting the Table Object Handler component through an unknown function. Exploitation requires...

CVE-2025-7216

A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to...

CVE-2025-7216

A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to...

CVE-2025-7216 lty628 Aidigu PHP Object common.php checkUserCookie deserialization

A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to...

CVE-2025-7216

CVE-2025-7216 affects lty628 Aidigu versions up to 1.8.2. The vulnerability resides in the PHP Object Handler's file /application/common.php, specifically the function checkUserCookie, where manipulating the rememberMe argument leads to deserialization. This allows remote exploitation and, per so...

CVE-2025-7216 lty628 Aidigu PHP Object common.php checkUserCookie deserialization

A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to...

CVE-2025-5321 aimhubio aim run_view Object query.py RestrictedPythonQuery privilege escalation

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component runview Object Handler. The manipulation of the argument Abfrage leads to erweiterte Rechte. The attack c...

CVE-2023-2220

A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier...