20 matches found
CVE-2026-11569
A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...
CVE-2025-15182
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to th...
EUVD-2025-205569
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to th...
CVE-2025-15182 code-projects Refugee Food Management System served.php sql injection
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to th...
CVE-2025-15182 code-projects Refugee Food Management System served.php sql injection
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to th...
PT-2025-53709
Name of the Vulnerable Software and Affected Versions Refugee Food Management System version 1.0 Description A flaw exists in Refugee Food Management System 1.0 that allows for SQL injection. This occurs through manipulation of the refNo argument in a remote request to the /home/served.php file...
Code-Projects Refugee Food Management System SQL注入漏洞
Code-Projects Refugee Food Management System is an open source refugee food management system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Refugee Food Management System version 1.0, which stems from incorrect manipulation of the parameter refNo in the file...
thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This...
Apache HTTP Server 安全漏洞
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server that can be exploited by an attacker to map URLs to file system locations th...
CVE-2023-29401 Improper handling of filenames in Content-Disposition HTTP header in github.com/gin-gonic/gin
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...
Shopify: Shop App - Attacker is able to intercept authorization code during authentication (OAuth) and is able to get access to Microsoft Outlook email account
A vulnerability was discovered in the Shop App's Microsoft Outlook OAuth flow, where a malicious app could intercept the authorization code during authentication due to the use of deep links. This could allow an attacker to gain access to the victim's emails. The issue was mitigated by implementi...
UBUNTU-CVE-2021-43173
In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2020-1141)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-21030
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
ALPINE-CVE-2019-6467
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...
CVE-2019-6467
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...
CVE-2019-6467
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...
UBUNTU-CVE-2019-6467
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAI...
Debian DSA-1708-1 : git-core - shell command injection
It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities : Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality CVE-2008-5916 . Local...
Microsoft Executable Being Served
Binary data 4670.prm...