5 matches found
CVE-2020-19877
DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information...
CVE-2024-55875 http4k has a potential XXE (XML External Entity Injection) vulnerability
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 6.50.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handles malicious XML content within requests, which might allow attackers to read local sensitive information on server,...
PT-2022-25746 · Jenkins · Jenkins Build-Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build-Publisher Plugin versions 1.22 and earlier Description: The issue is related to a missing permission check in an HTTP endpoint, which allows attackers with Overall/Read permission to obtain the names and URLs of Jenkins servers...
File Upload Vulnerability in YouDianCMS v8.0 Backend
Youdiancms Enterprise Website Management System is an enterprise website building system developed by Changsha Youdian Software Technology Co. YouDianCMS v8.0 has a file upload vulnerability, which can be exploited by an attacker to directly obtain server information, permissions, and so on...
File Upload Vulnerability in vaethink v1.0.1
vaeThink (pronounced "v think") is a lightweight, high-speed PHP content management framework built on a ThinkPHP backend and a Layui frontend UI. vaethink v1.0.1 has a file upload vulnerability that can be exploited by attackers to gain access to server information and permissions...