11 matches found
EUVD-2026-25889
Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settingsprocess.php...
EUVD-2016-1803
Malware in sbrugna...
EUVD-2022-4918
Malicious code in bioql PyPI...
SUSE CVE-2018-18544
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31...
CVE-2022-24992
A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal...
CVE-2022-32056
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php...
Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...
SourceCodester Water Billing System SQL Injection Vulnerability
SourceCodester Water Billing System is a water billing system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Water Billing System version 1.0, which stems from a failure of the program to properly validate user input, and allows an attacker to perform SQL injectio...
jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
jenkins-script-security-plugin: cross-site scripting vulnerability due to configure sandboxed scripts
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability...
CVE-2017-1000505
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...