
41 matches found

NVD
added 2025/10/07 8:15 p.m. · 3 views

CVE-2025-11406

A security flaw has been discovered in kaifangqian kaifangqian-base up to 7b3faecda13848b3ced6c17c7423b76c5b47b8ab. This issue affects the function getAllUsers of the file kaifangqian-parent/kaifangqian-system/src/main/java/com/kaifangqian/modules/system/controller/SysUserController.java. The...

CVSS 5.3 · EPSS 0.00241
Exploits 0 · References 4
Positive Technologies
added 2025/10/07 12:00 a.m. · 5 views

PT-2025-41168

Name of the Vulnerable Software and Affected Versions: kaifangqian kaifangqian-base, affected versions not specified. Description: A security flaw exists in kaifangqian kaifangqian-base. The issue involves information disclosure resulting from manipulation of the getAllUsers function located in the...

CVSS 5.3 · AI score 4.2 · EPSS 0.00241
Exploits 0 · References 7
EUVD
added 2025/10/03 8:07 p.m. · 20 views

EUVD-2024-21452

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.1 · EPSS 0.00694
Exploits 0 · References 2
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2023-28770

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00842
Exploits 1 · References 2
RedhatCVE
added 2025/05/23 3:17 a.m. · 6 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

CVSS 8.8 · AI score 7.3 · EPSS 0.00842
Exploits 1 · References 1
NVD
added 2024/02/08 1:15 a.m. · 25 views

CVE-2024-24026

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in a specially crafted filename parameter to perform arbitrary File download...

CVSS 9.8 · AI score 9.4 · EPSS 0.00694
Exploits 0 · References 2
OSV
added 2024/02/08 1:15 a.m. · 12 views

CVE-2024-24026

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in a specially crafted filename parameter to perform arbitrary File download...

CVSS 9.8 · AI score 7.2
Exploits 0 · References 2
Prion
added 2024/02/08 1:15 a.m. · 13 views

Privilege escalation

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in a specially crafted filename parameter to perform arbitrary File download...

CVSS 7.5 · AI score 7.4 · EPSS 0.00694
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2024/02/08 12:00 a.m. · 10 views

Novel-Plus Code Issue Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A code issue vulnerability exists in Novel-Plus v4.3.0-RC1 and earlier versions, which stems from an arbitrary file upload vulnerability in the component com.java2nb.system.controller.SysUserController: uploadImg...

CVSS 9.8 · AI score 7.3 · EPSS 0.00694
Exploits 0 · References 3
Vulnrichment
added 2024/02/08 12:00 a.m. · 13 views

CVE-2024-24026

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in a specially crafted filename parameter to perform arbitrary File download...

AI score 7 · EPSS 0.00694
Exploits 0 · References 2
Positive Technologies
added 2024/02/07 12:00 a.m. · 6 views

PT-2024-20243 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 4.3.0-RC1 and prior Description: An arbitrary File upload vulnerability exists in the uploadImg function of SysUserController at com.java2nb.system.controller.SysUserController. This allows an attacker to pass in a special...

CVSS 9.8 · AI score 9.2 · EPSS 0.00694
Exploits 0 · References 6
NVD
added 2023/03/16 2:15 a.m. · 9 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

CVSS 8.8 · AI score 8.8 · EPSS 0.00842
Exploits 1 · References 2
OSV
added 2023/03/16 2:15 a.m. · 3 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

CVSS 8.8 · AI score 7.3 · EPSS 0.00842
Exploits 1 · References 2
Prion
added 2023/03/16 2:15 a.m. · 17 views

Design/Logic Flaw

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

CVSS 6.5 · AI score 8.7 · EPSS 0.00842
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2023/03/16 12:00 a.m. · 4 views

Ofcms Security Vulnerability

Zhongtian Network Technology OFCMS is a content management system (CMS) developed in Java by China Zhongtian Network Technology Company. A security vulnerability exists in Ofcms version v.1.1.4, which originated from allowing remote attackers to elevate privileges via the respwd method in...

CVSS 8.8 · AI score 8.1 · EPSS 0.00842
Exploits 1 · References 3
Positive Technologies
added 2023/03/16 12:00 a.m. · 5 views

PT-2023-19768 · Ofcms · Ofcms

Name of the Vulnerable Software and Affected Versions: Ofcms version 1.1.4 Description: An issue in Ofcms allows a remote attacker to escalate privileges via the respwd method in SysUserController. Recommendations: For Ofcms version 1.1.4, consider disabling the respwd method in SysUserController...

CVSS 8.8 · AI score 8.7 · EPSS 0.00842
Exploits 1 · References 5
Vulnrichment
added 2023/03/16 12:00 a.m. · 8 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

AI score 8.8 · EPSS 0.00842
Exploits 1 · References 2
CVE
added 2023/03/16 12:00 a.m. · 53 views

CVE-2023-24760

CVE-2023-24760 affects Ofcms v1.1.4, allowing a remote attacker to escalate privileges via the respwd method in SysUserController. Affected component is Ofcms (web CMS); root cause described as improper access control in respwd. The NVD entry reports CVSSv3.1 base score 8.8 (Network, Low complexi...

CVSS 8.8 · AI score 8.6 · EPSS 0.00842
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2023/03/16 12:00 a.m. · 24 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

AI score 8.9 · EPSS 0.00842
Exploits 1 · References 2
NVD
added 2022/04/10 9:15 p.m. · 8 views

CVE-2022-27960

Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allow attackers to access and arbitrarily modify users' personal information...

CVSS 5.5 · EPSS 0.00459
Exploits 1 · References 1