16 matches found
CVE-2026-44836
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview...
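The bug class in this entry is a dynamic dispatch on a method name taken from the request. The Ruby below is an added illustration, not ViewComponent's own code: `ButtonPreview`, the route shape and the helper names are assumed for the example. `public_send` already refuses private methods, but every public method on the object, including those inherited from `Object`, stays reachable unless the name is checked against the preview's own examples first.

```ruby
# Added example (not ViewComponent's code): dispatching a method named in the
# URL with public_send, then restricting it to the preview class's own examples.

class ButtonPreview
  # The two "examples" a preview author actually intends to expose.
  def default; "<button>Default</button>"; end
  def primary; "<button class='primary'>Primary</button>"; end
end

# Vulnerable shape: the example name is the last URL path segment and is passed
# straight to public_send. Any public method on the instance can be invoked,
# including ones inherited from Object that the preview author never wrote.
def render_example_unsafe(preview_class, path)
  example = path.split("/").last.to_s
  preview_class.new.public_send(example)
end

# Hardened shape: only methods defined on the preview class itself
# (public_instance_methods(false)) count as examples; anything else is rejected
# before any dynamic dispatch takes place.
class UnknownExample < StandardError; end

def allowed_examples(preview_class)
  preview_class.public_instance_methods(false).map(&:to_s)
end

def render_example_safe(preview_class, path)
  example = path.split("/").last.to_s
  unless allowed_examples(preview_class).include?(example)
    raise UnknownExample, "#{example.inspect} is not an example of #{preview_class}"
  end
  preview_class.new.public_send(example)
end

if __FILE__ == $PROGRAM_NAME
  # A method nobody declared as an example is callable through the unsafe path.
  p render_example_unsafe(ButtonPreview, "/previews/button/instance_variables")
  # The hardened path only accepts "default" and "primary".
  p allowed_examples(ButtonPreview)
  p render_example_safe(ButtonPreview, "/previews/button/primary")
end
```

The allowlist is built from `public_instance_methods(false)`, so it tracks whatever the preview author defines without a hand-maintained list; checking `respond_to?` alone would not help, because inherited `Object` methods satisfy it too.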
CVE-2025-70974
Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...
EUVD-2024-54615
Malicious code in bioql PyPI...
Private Data Structure Returned From A Public Method
github.com/apache/answer is vulnerable to Private Data Structure Returned From A Public Method. The vulnerability is due to the application allowing external content to be loaded without restriction, allowing an attacker to track or identify users by collecting their IP addresses through...
CVE-2025-29868
Private Data Structure Returned From A Public Method vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.2. If a user uses an externally referenced image, when a user accesses this image, the provider of the image may obtain private information about the IP address of th...
Private Data Structure Returned From A Public Method
Overview: Affected versions of this package are vulnerable to Private Data Structure Returned From A Public Method. When a user accesses an externally referenced image, the provider of the image may obtain private information about the IP address of that accessing user. Remediation: Upgrade...
Private Data Structure Returned From A Public Method
Overview: Affected versions of this package are vulnerable to Private Data Structure Returned From A Public Method. When a user accesses an externally referenced image, the provider of the image may obtain private information about the IP address of that accessing user. Remediation: Upgrade...
Apache Answer Security Vulnerability
Apache Answer is a community platform from the Apache Software Foundation. An information disclosure vulnerability exists in Apache Answer 1.4.2 and earlier versions. It stems from a public method returning a private data structure and can be exploited by an attacker to disclose users' IP addresses...
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
A vulnerability has been discovered in Laravel Pulse that could allow remote code execution through the public remember method in the Laravel\Pulse\Livewire\Concerns\RemembersQueries trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within t...
PT-2024-22316
Name of the Vulnerable Software and Affected Versions: turbo_boost-commands versions prior to 0.1.3; turbo_boost-commands versions prior to 0.2.2. Description: TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the...
PT-2022-25776 · Sap · Sap Basis
Name of the Vulnerable Software and Affected Versions: SAP BASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791 Description: The issue allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provid...
Bento4 Security Vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 in an unspecified part of its mp4edit component, which allows an attacker to trigger a memory leak. A proof of concept for the attack is publicly available, and the attack can be launched remotely an...
Malicious code in public-method-library (npm)
Source: ghsa-malware (56b29a42144105852972b71aeec148bf0858f37aab6727068d76a4ac0c92cf91). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Anyone can affect deposits of any user and turn the owner of the token
Handle: adelamo. Vulnerability details. Impact: On RCTreasury, we have the method collectRentUser. This method is public, so anyone can call it using whatever user and whatever timestamp. So, calling this method using user = XXXXX and timeToCollectTo = type(uint256).max, would make isForeclosed[user] =...
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
A flaw was found in Wildfly, where the embedded managed process API has an exposed setter for the Thread Context ClassLoader (TCCL). This setter is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
A flaw was found in Wildfly, where the embedded managed process API has an exposed setter for the Thread Context ClassLoader (TCCL). This setter is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality...