6032 matches found
CVE-2023-46023
SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter...
CVE-2023-46023
CVE-2023-46023 affects Code-Projects Simple Task List 1.0. The vulnerability is a SQL injection in addTask.php caused by improper handling of the status parameter, allowing an attacker to obtain sensitive information. Public sources (e.g., Exploit DB and PacketStorm) provide a PoC and exploit det...
Dreamer CMS Security Vulnerability
Dreamer CMS is a content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version v4.1.3, which stems from a cross-site request forgery (CSRF) vulnerability via /admin/task/changeStatus...
Dreamer CMS Security Vulnerability
Dreamer CMS is a content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version v4.1.3, which stems from a cross-site request forgery (CSRF) vulnerability via /admin/task/update...
Code-Projects Simple Task List Security Vulnerability
Code-Projects Simple Task List is an open source simple task list system from Code-Projects. Code-Projects Simple Task List version 1.0 has a security vulnerability that stems from allowing an attacker to obtain sensitive information through the status parameter in addTask.php...
ALSA-2023:7077 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744); kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208...
CVE-2023-48021
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update...
CVE-2023-47117 Object Relational Mapper Leak Vulnerability in Filtering Task in Label Studio
Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on t...
CVE-2023-48058
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run...
CVE-2023-48060
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add...
Cross-Site Request Forgery (CSRF)
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run...
Missing Authorization
Apache Airflow is vulnerable to Missing Authorization. The vulnerability is due to a lack of validation while authorizing users to read DAGs. A user with read permission to specific DAGs can read task instances of other DAGs...
Dreamer CMS Security Vulnerability
Dreamer CMS is a content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version 4.1.3, which stems from a cross-site request forgery (CSRF) vulnerability in component /admin/task/add...
Label Studio Security Vulnerability
Label Studio is an open source data labeling tool from Heartex Open Source. It lets you label data types such as audio, text, images, video and time series through a simple and clear UI, and export to a variety of model formats. A security vulnerability exists in Label Studio versions prior to...
CVE-2023-48060
Dreamer CMS v4.1.3 contains a Cross-Site Request Forgery (CSRF) in the component "/admin/task/add". The root cause is a CSRF flaw that can enable unauthorized actions on behalf of a user; CVSSv3.1: 8.8 (HIGH) with network attack vector, low attack complexity, no privileges, user interaction requi...
PT-2023-30688 · Unknown · Dreamer Cms
Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3. Description: A Cross-Site Request Forgery (CSRF) issue was discovered in the component "/admin/task/add". This issue may allow unauthorized actions to be performed on behalf of a user. Recommendations: For Dreamer CMS...