27 matches found
CVE-2023-43961
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
EUVD-2023-2651
Malicious code in bioql PyPI...
EUVD-2023-2827
Malicious code in bioql PyPI...
CVE-2023-44794
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL...
Authentication Bypass
SaToken is vulnerable to authentication bypass.The vulnerability is due to a lack of validation while fetching servlet path. The attacker is able to elevate his privileges to admin through a crafted HTTP request...
GHSA-54F6-9MX9-86F7 SaToken privilege escalation vulnerability
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL...
GHSA-W9VH-HV5G-7WMR SaToken authentication bypass vulnerability
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
SaToken authentication bypass vulnerability
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
SaToken privilege escalation vulnerability
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL...
CVE-2023-43961
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
CVE-2023-44794
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL...
CVE-2023-43961
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
CVE-2023-44794
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL...
CVE-2023-43961
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
CVE-2023-44794
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL...
Design/Logic Flaw
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL...
Authentication flaw
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
SaToken privilege escalation vulnerability
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL...
CVE-2023-44794
CVE-2023-44794 affects Dromara SaToken 1.36.0 and earlier. A remote attacker can escalate privileges by sending a crafted payload to the vulnerable URL, as described across multiple advisories (NVD, OSV, GHSA, IBM bulletin). The core impact stated is privilege escalation with high severity (CVSS ...
SaToken authentication bypass vulnerability
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...