EUVD-2020-23981

Malware in sbrugna...

CVE-2025-11034

A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/commondep.action.jsp. The manipulation of the argument filePath results in path traversal. It is possible to launch the attack remotely. The...

react-endless (>=1.0.4 <=1.0.6), react-templet (>=1.0.0 <=1.0.3) potentially affected by unknown CVE via epress (=0.0.1-security)

epress NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on epress and may be impacted: - react-endless =1.0.4, =1.0.0, =1.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-19723...

EsafeNet CDG SQL注入漏洞

EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in EsafeNet CDG v5, which originates from the parameter id of the file /com/esafenet/servlet/document/CDGAuthoriseTempletService.java that can lead to SQL injection...

CVE-2024-28667

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via the component /dede/templetsoneedit.php...

Path traversal

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/selecttempletspost.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifie...

CVE-2020-36495

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component filemanageview.php via the filename, mid, userid, and templet' parameters...

CVE-2020-36495

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component filemanageview.php via the filename, mid, userid, and templet' parameters...

CVE-2020-36496

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component sysadminuseredit.php via the filename, mid, userid, and templet' parameters...

CVE-2020-36497

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component makehtmlhomepage.php via the filename, mid, userid, and templet' parameters...

CVE-2020-36494

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component mychanneledit.php via the filename, mid, userid, and templet' parameters...

CVE-2020-23046

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component tpl.php via the filename, mid, userid, and templet' parameters...

Cross site scripting

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component makehtmlhomepage.php via the filename, mid, userid, and templet' parameters...

CVE-2020-36495

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component filemanageview.php via the filename, mid, userid, and templet' parameters...

CVE-2020-36497

DedeCMS v7.5 SP2 contains multiple XSS vulnerabilities in the makehtml_homepage.php component, exploitable via the filename, mid, userid, and templet parameters. The CVE-2020-36497 entries across NVD/Red Hat/CNVD/CVE record confirm cross-site scripting weaknesses in this version. The connected so...

Desdev DedeCMS 跨站脚本漏洞

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the filename, mid, userid ...

Desdev DedeCMS 跨站脚本漏洞

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. A cross-site scripting vulnerability exists in DedeCMS version 7.5 SP2, which can be exploited to inject malicious script code via th...

Desdev DedeCMS 跨站脚本漏洞

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the filename, mid, userid ...

Desdev DedeCMS 跨站脚本漏洞

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the filename, mid, userid ...

Desdev DedeCMS 跨站脚本漏洞

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the filename, mid, userid ...