18 matches found
CVE-2025-5186
A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request...
CVE-2025-5186 thinkgem JeeSite URI Scheme form ResourceLoader.getResource server-side request forgery
A vulnerability was found in thinkgem JeeSite up to 5.11.1. It has been rated as critical. Affected by this issue is the function ResourceLoader.getResource of the file /cms/fileTemplate/form of the component URI Scheme Handler. The manipulation of the argument Name leads to server-side request...
PT-2025-22928 · Thinkgem · Thinkgem Jeesite
Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.11.1 Description: A critical issue affects the function ResourceLoader.getResource of the file /cms/fileTemplate/form in the component URI Scheme Handler. The manipulation of the argument Name leads to...
Malicious code in @zohocalendar/resource-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware faab1535d62039670d3ec4cef9f0fb0bb279a2b5a0e788146a71e9d1770d3c6e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Apache Solr Remote Code Execution via Velocity Template
This module exploits a vulnerability in Apache Solr <= 8.3.0 which allows remote code execution via a custom Velocity template. Currently, this module only supports Sol...
Remote Code Execution (RCE)
solr-velocity is vulnerable to remote code execution (RCE). The vulnerability can be triggered by loading custom Velocity templates containing malicious code, since the Solr resource loader in VelocityResponseWriter.java was on by default...
Apache Solr Remote Command Execution Vulnerability Based on Velocity Templates
Apache Solr is a search server from the Apache Software Foundation (United States), based on the Lucene full-text search engine. The product supports level search, vertical search, highlighting of search results and so on. A remote command execution vulnerability exists in Apache Solr based o...
Design/Logic Flaw
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Solr: directory traversal when loading XSL stylesheets and Velocity templates
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...
DEBIAN-CVE-2013-6397
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...
CVE-2013-2921
Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering...
CVE-2013-2921
CVE-2013-2921 is a use-after-free in Blink’s resource loader (ResourceFetcher::didLoadResource), affecting Chromium/Blink prior to 30.0.1599.66. The flaw can allow remote denial of service or other unspecified impacts via resource callback handling. Public records in connected docs confirm this C...
CVE-2013-2921
Removed by vendor...
CVE-2012-1579
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information...
CVE-2012-1579
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information...
Cross site request forgery (csrf)
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information...
CVE-2012-1579
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information...
CVE-2012-1579
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information...