807 matches found
Sylius 输入验证错误漏洞
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a vulnerability related to input validation. This vulnerability arises from multiple controllers directly using the HTTP Referer header for redirection, which can lead t...
PT-2026-24473
Name of the Vulnerable Software and Affected Versions Sylius versions prior to 1.9.12 Sylius versions prior to 1.10.16 Sylius versions prior to 1.11.17 Sylius versions prior to 1.12.23 Sylius versions prior to 1.13.15 Sylius versions prior to 1.14.18 Sylius versions prior to 2.0.16 Sylius version...
PT-2026-41143
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description The authentication middleware accepts JSON Web Tokens JWT...
FUXA has JWT Authentication Bypass via HTTP Referer header spoofing
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution RCE. The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...
Authentication Bypass Using an Alternate Path or Channel
Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via improper validation of the Referer header in the authentication process. An unauthorized attacker...
GHSA-4R4R-4JP4-WWF9 FUXA has JWT Authentication Bypass via HTTP Referer header spoofing
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution RCE. The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...
CVE-2025-69985
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution RCE. The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...
CVE-2025-69985
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution RCE. The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer" header to validate internal requests. A remote unauthenticated attacker can...
FUXA 安全漏洞
FUXA is a web-based process visualization software developed by frangoteam. Versions of FUXA 1.2.8 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an authentication bypass mechanism. The server/api/jwt-helper.js middleware improperly trusted the HTTP Referer...
PT-2026-21744
Name of the Vulnerable Software and Affected Versions FUXA versions 1.2.8 and prior Description FUXA versions 1.2.8 and prior contain an Authentication Bypass issue that can lead to Remote Code Execution RCE. The issue resides in the server/api/jwt-helper.js middleware, which incorrectly relies o...
CVE-2025-69985
CVE-2025-69985 affects FUXA 1.2.8 and earlier. The issue is an authentication bypass in server/api/jwt-helper.js that improperly trusts the HTTP Referer header, allowing unauthenticated remote access to the protected /api/runscript endpoint and arbitrary Node.js code execution. Public references ...
CVE-2019-25439
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
CVE-2019-25439
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
CVE-2019-25439 NoviSmart CMS SQL Injection via Referer HTTP Header
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
CVE-2019-25439 NoviSmart CMS SQL Injection via Referer HTTP Header
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
CVE-2019-25439
Vulnerability summary (CVE-2019-25439) : NoviSmart CMS contains an SQL injection vulnerability exploitable via the Referer HTTP header. An attacker can craft requests including time-based SQL payloads in the Referer header to execute arbitrary SQL queries, potentially extracting sensitive databas...
CVE-2019-25439
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
PT-2026-21440
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...
NoviSmart CMS SQL注入漏洞
NoviSmart CMS is a content management system developed by the Austrian company NoviSmart. NoviSmart CMS has a SQL injection vulnerability, which stems from the SQL injection present in the Referer HTTP header field. This vulnerability could allow remote attackers to execute arbitrary SQL queries...
CVE-2026-27192
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith for comparison, allowing attackers to bypass the check by registering a domain that shares a common prefix with an allowed...