2 matches found
GHSA-QV6F-RCV6-6Q3X Improper handling of REST API XML deserialization errors in Jenkins
Jenkins provides XML REST APIs to configure views, jobs, and other items. When deserialization fails because of invalid data, Jenkins 2.274 and earlier, LTS 2.263.1 and earlier stores invalid object references created through these endpoints in the Old Data Monitor. If an administrator discards t...
FUEL CMS SQL injection vulnerability
FUEL CMS is a content management system based on CodeIgniter. FUEL CMS 1.4.11 suffers from a SQL injection vulnerability. The vulnerability can be exploited by an attacker via the 'name' parameter in /fuel/permissions/create/ to compromise an application, access or modify data, or exploit a...