16 matches found
CVE-2026-8736 Oinone Pamirs RestController LocalFileClient.java request.getParameter path traversal
A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...
CVE-2026-8736
A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...
EUVD-2026-30685
A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...
CVE-2026-8736 Oinone Pamirs RestController LocalFileClient.java request.getParameter path traversal
A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...
PT-2026-41521
A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...
CVE-2025-55988
An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...
CVE-2025-55988
An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...
CVE-2025-55988
An issue in the component /Controllers/RestController.php of DreamFactory Core v1.0.3 allows attackers to execute a directory traversal via an unsanitized URI path...
CVE-2026-3789 Bytedesk SpringAIGiteeRestController SpringAIGiteeRestService.java getModels server-side request forgery
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...
EUVD-2021-0872
Malware in sbrugna...
CVE-2020-36319
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController...
Default configuration
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController...
GHSA-RJWW-2X8V-M9V9 Potential sensitive data exposure in applications using Vaadin 15
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...
Potential sensitive data exposure in applications using Vaadin 15
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...
GHSA-76F4-FW33-6J2V Potential sensitive data exposure in applications using Vaadin 15
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 Vaadin 15.0.0 through 15.0.4 may expose sensitive data if the application also uses e.g. @RestController - https://vaadin.com/security/cve-2020-36319...
CVE-2019-2233
In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not...