4 matches found
CVE-2026-40104 XWiki's REST APIs can list all pages/spaces, leading to unavailability
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...
A vulnerability in the Moodle virtual training environment, related to insufficient data sanitization, allows a malicious user to execute arbitrary SQL queries in the database.
The vulnerability in the Moodle virtual training environment is related to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries in the database...
Karmasis Infraskope Agent Access Control Error Vulnerability
Karmasis Infraskope Agent is an application logger from Karmasis. An Access Control Error vulnerability exists in Karmasis Infraskope Agent versions prior to 7.10.00, which stems from improper access control in the application and can be exploited by an attacker to corrupt the page listing the...
cxf: reflected XSS in the services listing page
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that the attack exploit...