CVE-2023-30954

The CVE describes a race condition in the Gotham video-application-server where ACLs for new videos may not be applied if the source system has not initialized. Affected component: Gotham video-application-server; underlying issue is a race condition affecting access control application during vi...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a code issue vulnerability that can be exploited by an attacker to cause a local privilege escalation without the need for additional execute privileges...

Apache Fineract Server Request Forgery Vulnerability

Apache Fineract is an open source system for platformizing core banking systems. A reliable, robust and affordable financial services solution for entrepreneurs, financial institutions and service providers. A server-side request forgery vulnerability exists in Apache Fineract versions 1.4 throug...

CVE-2023-27472

quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised XSS vulnerability. Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag ...

maccms10 代码问题漏洞

maccms10 is magicblack open source PHP+MYSQL environment using a set of perfect and powerful rapid site building system . maccms10 2021.1000.2000 version of the code problematic vulnerability , the vulnerability stems from its allows attackers to achieve server-side request forgery...

ctrlo lenio 安全漏洞

lenio is an open source facility management system from ctrlo. A security vulnerability exists in ctrlo lenio, which stems from some unknown functions in its views/contractor.tt file that operate on the parameter contractor.name allowing an attacker to implement cross-site scripting...

CVE-2022-42143

Open Source SACCO Management System v1.0 is vulnerable to SQL Injection via /saccoshield/managepayment.php...

Anchor 安全漏洞

Anchor is an open source lightweight blogging system. A security vulnerability exists in Anchore Enterprise anchorectl version 0.1.4, which stems from incorrectly stored credentials when generating the software bill of materials. anchorectl will add credentials used to access the Anchore Enterpri...

MingSoft MCMS SQL注入漏洞

MingSoft MCMS is a complete open source J2ee system from MingSoft, a Chinese company. mingsoft MCMS has a SQL injection vulnerability, which originates from the lack of filtering and escaping of SQL data in the categoryId parameter of /cms/content/list, and can be used by attackers to execute...

MCMS SQL Injection Vulnerability

Mcms is a complete open source J2ee system from China MingFei MingSoft. mcms v5.2.4 version has a SQL injection vulnerability, which originates in /ms/mdiy/model/importJson.do for the lack of filtering and escaping of SQL data. No detailed vulnerability details are available at this time...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. There is a security vulnerability in Google Android version 11, there is no information about this vulnerability yet, please stay tuned to CNNVD or the manufacturer's announcement...

Command Execution Vulnerability in EyouCms (CNVD-2021-41520)

EyouCms is based on the TP5.0 framework for the core development of free open source enterprise content management system, focusing on enterprise station user needs, providing a large number of templates in various industries, reducing the construction of small and medium-sized enterprises, netwo...

SQL Injection Vulnerability in SEMCMS Shop Backend (CNVD-2021-39125)

SEMCMS Shop is a self-developed open source online store btc system. SQL injection vulnerability exists in SEMCMS Shop backend. Attackers can use the vulnerability to obtain sensitive information in the database...

SQL Injection Vulnerability in Station Helpers CMS (CNVD-2021-37352)

Station Helpers CMS is a CMS open source system dedicated to creating a full-featured ... Station Helpers CMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

Station Master CMS has arbitrary file reading vulnerability

Station Helpers CMS is a CMS open source system dedicated to creating a full-featured ... Station Helpers CMS has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...

File Upload Vulnerability in MCms of Jiangxi Minsoft Technology Co. Ltd (CNVD-2021-36509)

MCms is an open source content management system. Ltd. MCms file upload vulnerability, an attacker can use the vulnerability to obtain control of the server...

Hurricane CMS 1.1.0 SQL Injection Vulnerability in Backend

Hurricane CMS is an open source CMS system, features all open source, efficient and convenient secondary development, simple background, plug-in categorization, adapt to various types of websites to expand the construction. Hurricane CMS1.1.0 background SQL injection vulnerability , attackers can...

Command Execution Vulnerability in WMCMS

WMCMS is based on PHP MYSQL as the core development, free open source professional Chinese labeling system. WMCMS command execution vulnerability , an attacker can use the vulnerability to obtain control of the server...

file upload vulnerability in semcms PHP version 2.0 backend

SemCms is a set of open source foreign trade enterprise website management system, mainly for foreign trade enterprises, compatible with IE, Firefox, google, 360 and other mainstream browsers semcms foreign trade website PHP version 2.0 background file upload vulnerability , attackers can use the...

Extreme cms suffers from SQL injection vulnerability (CNVD-2021-35733)

Extreme cms is an open source web content management system developed by Langfang Extreme Networks Technology Co. Extreme cms SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...