gougucms（勾股CMS） 代码注入漏洞

Gougucms is an open-source backend management framework developed by Gougu in China, based on ThinkPHP6, Layui, and MySql. Version 4.08.18 of Gougucms contains a code injection vulnerability. This vulnerability stems from incorrect handling of a parameter named "value.content" in the file...

PT-2026-28493

Name of the Vulnerable Software and Affected Versions TSPortal versions prior to 34 Description TSPortal, the WikiTide Foundation’s in-house platform used by the Trust and Safety team, was found to have a flaw that allowed attackers to create arbitrary user records in the database. This was...

EUVD-2012-3359

Malware in sbrugna...

EUVD-2025-18385

Malicious code in bioql PyPI...

EUVD-2022-2382

Malicious code in bioql PyPI...

SUSE CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

CVE-2024-6808

A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2024-4528

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/user-record.php. The manipulation of the argument txtfullname leads to cross site scripting. The attack can ...

Prison Management System 跨站脚本漏洞

Prison Management System is a prison management system developed by Carlo Montero. A cross-site scripting vulnerability exists in Prison Management System version 1.0, which stems from /Admin/user-record.php containing unknown functionality that leads to cross-site scripting via the txtfullname...

CVE-2023-39345

CVE-2023-39345 affects the Strapi open‑source CMS. According to the sources, versions prior to 4.13.1 did not properly restrict write access to fields marked as private in the user registration endpoint, allowing a malicious user to modify their own records. The issue is addressed in version 4.13...

HCL Technologies HCL Domino 安全漏洞

HCL Technologies HCL Domino is an application software from HCL Technologies, Inc. It provides a platform for application development. HCL Technologies HCL Domino has a security vulnerability that originates from the presence of an information disclosure that can be exploited by an authenticated...

Improper Limitation of a Pathname to a Restricted Directory in Jenkins

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into...

CVE-2018-1000863

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into...

jenkins: forced migration of user records (SECURITY-1072)

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into...

CVE-2018-1000408

A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database...

CVE-2018-1000408

A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database...

Denial of service

A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database...

Jenkins < 2.146 and < 2.138.2 LTS Multiple Vulnerabilities - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...