CVE-2024-36532
Insecure permissions in kruise v1.6.2 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token...
CVE-2024-36532
CVE-2024-36532 affects kruise v1.6.2. The issue is described as insecure permissions that allow an attacker to access sensitive data and escalate privileges by obtaining the service account token. This has been reported across multiple sources (NVD, Red Hat, CNNVD, CVE lists) with verification ag...
CVE-2023-49356
A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592...
Cross site scripting
CVE-2023-41597
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?active_t...
CVE-2023-41597
Summary: CVE-2023-41597 affects EyouCms v1.6.2, with a reflected cross-site scripting (XSS) vulnerability in the /admin/twitter.php?active_t parameter. The root cause is improper filtering/validation of the active_t input, enabling an attacker to inject and execute scripts in a victim’s browser s...
CVE-2023-34657
A stored cross-site scripting XSS vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter...
CVE-2023-34657
CVE-2023-34657 affects Eyoucms v1.6.2 with a stored XSS vulnerability in the web_recordnum parameter. Attackers can inject arbitrary web scripts/HTML to be executed in the victim’s browser, potentially manipulating the site or accessing user data. The available connected documents consistently de...
Cross site request forgery (csrf)
CVE-2023-31708
A Cross-Site Request Forgery CSRF in EyouCMS v1.6.2 allows attackers to execute arbitrary commands by supplying a crafted HTML file to the Upload software format function...
CVE-2023-31708
EyouCMS v1.6.2 contains a CSRF vulnerability in the Upload software format function that allows an attacker to execute arbitrary commands when a crafted HTML file is supplied. Documented entries consistently describe the issue as CSRF affecting EyouCMS 1.6.2 with a potential for command execution...
GHSA-VJHF-8VQX-VQPQ KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys
Summary The jwt authentication function of kubepi <= v1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Details session.go, the use of...
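The KubePi entry above describes the whole attack in one sentence: an HS256 signing key that ships in the source is shared by every deployment, so anyone who has read the code can mint an administrator token. The Go program below is an added example written for this page, not KubePi's session.go or any other code from the project; the key string, the claim names (sub, role, exp) and the function names are assumptions made for illustration. It signs and verifies compact JWTs with HMAC-SHA256 from the standard library, shows that a forged administrator token is accepted under the shared key, and shows the fix: a 256-bit key generated per instance at install time, under which the same forged token fails verification. The verifier also pins the alg header to HS256 and checks exp, the two other checks a forged-token attack usually probes.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// HardcodedKey is a made-up stand-in for the fixed Jwtsigkeys value described
// in the advisory: it ships in the source, so every deployment shares it and
// anyone who has read the code can sign tokens. (Assumed value, not KubePi's.)
var HardcodedKey = []byte("demo-hardcoded-jwt-signing-key")

// Claims is the minimal claim set this example signs and checks (assumed names).
type Claims struct {
	Sub  string `json:"sub"`
	Role string `json:"role"`
	Exp  int64  `json:"exp"` // Unix seconds
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func hs256(signingInput string, key []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// SignHS256 produces a compact JWS: base64url(header).base64url(payload).base64url(sig).
func SignHS256(c Claims, key []byte) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(payload)
	return signingInput + "." + b64(hs256(signingInput, key)), nil
}

// VerifyHS256 accepts a token only if the header names HS256 (so alg=none and
// RS256 confusion are refused), the HMAC matches under key in constant time,
// and exp is still in the future at now.
func VerifyHS256(token string, key []byte, now int64) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("malformed token")
	}
	rawHeader, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return Claims{}, err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(rawHeader, &hdr); err != nil || hdr.Alg != "HS256" {
		return Claims{}, errors.New("unsupported or missing alg")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, hs256(parts[0]+"."+parts[1], key)) {
		return Claims{}, errors.New("bad signature")
	}
	rawPayload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return Claims{}, err
	}
	var c Claims
	if err := json.Unmarshal(rawPayload, &c); err != nil {
		return Claims{}, err
	}
	if c.Exp <= now {
		return Claims{}, errors.New("token expired")
	}
	return c, nil
}

// NewInstanceKey is the remediation: a 256-bit key drawn from crypto/rand at
// install time and stored per deployment, so a token signed for one instance
// means nothing to another.
func NewInstanceKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// ForgeAdminToken is the attacker's step: holding the shared key, they mint an
// administrator token without ever authenticating.
func ForgeAdminToken(key []byte) (string, error) {
	return SignHS256(Claims{Sub: "admin", Role: "administrator", Exp: 4102444800}, key)
}

func main() {
	now := int64(1700000000) // constructed "current time" for the demo
	forged, _ := ForgeAdminToken(HardcodedKey)
	if c, err := VerifyHS256(forged, HardcodedKey, now); err == nil {
		fmt.Println("shared hard-coded key: forged token accepted for", c.Sub)
	}
	instanceKey, _ := NewInstanceKey()
	if _, err := VerifyHS256(forged, instanceKey, now); err != nil {
		fmt.Println("per-instance key: forged token rejected:", err)
	}
}
```

When auditing a Go service for this class of bug, grep for the byte slice or string literal handed to the HMAC or to the JWT library's signing call; if it is a literal rather than something loaded from config, a secret store or generated on first run, every deployment shares it and the attack above applies.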
Stack overflow
CVE-2022-43289
Deark v1.6.2 was discovered to contain a stack overflow via the do_prism_read_palette function at /modules/atari-img.c...
Design/Logic Flaw
Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after v1.5 and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title inpu...