CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

55 matches found

Cvelist•added 2024/07/12 12:0 a.m.•28 views

CVE-2024-40539

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...

0.00456EPSS

Exploits1References1

Vulnrichment•added 2024/07/12 12:0 a.m.•17 views

CVE-2024-40542

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...

8.3AI score0.00381EPSS

Exploits1References1

Vulnrichment•added 2024/07/12 12:0 a.m.•24 views

CVE-2024-40540

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept...

8.3AI score0.00456EPSS

Exploits1References1

Vulnrichment•added 2024/07/12 12:0 a.m.•17 views

CVE-2024-40539

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user...

8.3AI score0.00456EPSS

Exploits1References1

Positive Technologies•added 2024/07/12 12:0 a.m.•4 views

PT-2024-28906 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the dataScope parameter at the "/api/dept/build" API endpoint. Recommendations: F...

9.8CVSS7.7AI score0.00431EPSS

Exploits1References4

CNNVD•added 2024/07/12 12:0 a.m.•4 views

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus versions prior to 2024.07.03, which stems from vulnerability to SQL injection attacks...

9.8CVSS8AI score0.00456EPSS

Exploits1References2

CNNVD•added 2024/07/12 12:0 a.m.•5 views

my-springsecurity-plus SQL Injection Vulnerability

9.8CVSS8AI score0.00456EPSS

Exploits1References2

CNNVD•added 2024/07/12 12:0 a.m.•5 views

my-springsecurity-plus SQL Injection Vulnerability

9.8CVSS8AI score0.00431EPSS

Exploits1References2

Positive Technologies•added 2024/07/12 12:0 a.m.•3 views

PT-2024-28904 · Unknown · My-Springsecurity-Plus

Name of the Vulnerable Software and Affected Versions: my-springsecurity-plus versions prior to v2024.07.03 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the dataScope parameter at the "/api/user" API endpoint. Recommendations: For versions prior to...

9.8CVSS7.7AI score0.00456EPSS

Exploits1References4

CVE•added 2024/07/12 12:0 a.m.•90 views

CVE-2024-40541

Summary: CVE-2024-40541 affects my-springsecurity-plus prior to v2024.07.03, with a SQL injection vulnerability exposed via the dataScope parameter at the /api/dept/build endpoint. What’s vulnerable: my-springsecurity-plus components handling the dataScope input for that API path. Root cause / im...

9.8CVSS8.3AI score0.00431EPSS

Exploits1References1Affected Software1

CVE•added 2024/07/12 12:0 a.m.•80 views

CVE-2024-40540

CVE-2024-40540 affects my-springsecurity-plus prior to version 2024.07.03. The vulnerability is a SQL injection via the dataScope parameter in /api/dept. Reports from Red Hat and other sources confirm the same description across multiple feeds. The CVSS metrics indicate high impact to confidentia...

9.8CVSS8.3AI score0.00456EPSS

Exploits1References1Affected Software1

CVE•added 2024/07/12 12:0 a.m.•90 views

CVE-2024-40539

CVE-2024-40539 concerns my-springsecurity-plus prior to v2024.07.03, where a SQL injection is exposed via the dataScope parameter in the /api/user endpoint. The issue is documented across multiple sources indicating the vulnerable component and the attack surface. Public references consistently s...

9.8CVSS8.3AI score0.00456EPSS

Exploits1References1Affected Software1

CVE•added 2024/07/12 12:0 a.m.•78 views

CVE-2024-40542

CVE-2024-40542 affects my-springsecurity-plus versions before v2024.07.03. A SQL injection is exposed via the dataScope parameter at /api/role?offset, as documented across NVD/Red Hat/CNNVD entries. Impact is described variably: NVD base score 9.8 (CRITICAL) with full confidentiality, integrity, ...

9.8CVSS8.3AI score0.00381EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2024/07/12 12:0 a.m.•13 views

CVE-2024-40541

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...

8.3AI score0.00431EPSS

Exploits1References1

Cvelist•added 2024/07/12 12:0 a.m.•22 views

CVE-2024-40542

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset...

0.00381EPSS

Exploits1References1

Cvelist•added 2024/07/12 12:0 a.m.•30 views

CVE-2024-40541

my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build...

0.00431EPSS

Exploits1References1

NVD•added 2024/07/11 5:15 p.m.•28 views

CVE-2024-6681

A vulnerability, which was classified as critical, has been found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this issue is some unknown functionality of the file /api/dept. The manipulation of the argument params.dataScope leads to sql injection. The attack may be launched...

9.8CVSS0.00473EPSS

Exploits0References3

Cvelist•added 2024/07/11 4:31 p.m.•37 views

CVE-2024-6681 witmy my-springsecurity-plus dept sql injection

6.5CVSS0.00473EPSS

Exploits0References3

CVE•added 2024/07/11 4:31 p.m.•72 views

CVE-2024-6681

Affected product: witmy my-springsecurity-plus (up to 2024-07-04). Vulnerability: SQL injection via manipulation of the argument params.dataScope in the endpoint /api/dept, leading to potential remote exploitation. Multiple sources confirm the issue and public disclosure of the exploit. Impact (a...

9.8CVSS6.8AI score0.00473EPSS

Exploits0References3Affected Software1

OSV•added 2024/07/11 4:15 p.m.•5 views

CVE-2024-6680

A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...

9.8CVSS6.3AI score0.00473EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by