54 matches found
JeeWMS 代码问题漏洞
JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Version 3.7 of JeeWMS contains code vulnerabilities. These vulnerabilities stem from improper handling of the upfile parameter in the component UEditor’s file/plug-in/ueditor/jsp/getRemoteImage.jsp, which...
CVE-2022-31300
A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...
EUVD-2022-52856
Malicious code in bioql PyPI...
EUVD-2022-52853
Malicious code in bioql PyPI...
CVE-2025-29213
A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file...
CVE-2025-29213
A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file...
CVE-2024-40455
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request...
CVE-2024-40455
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request...
CVE-2024-40455
CVE-2024-40455 concerns ThinkSAAS 3.7, where an arbitrary file deletion vulnerability can be triggered by a crafted request. The available documents identify the affected product/version and the broad impact (arbitrary files deletion) but do not provide detailed root cause, specific affected comp...
CVE-2024-40455
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request...
CVE-2024-40455
An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request...
GSD-2023-1002189 netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
netfilter: ipset: Fix overflow before widen in the bitmapipcreate function. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.164 by commit...
GSD-2023-1001842 netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
netfilter: ipset: Fix overflow before widen in the bitmapipcreate function. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.303 by commit...
GSD-2023-1001832 netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
netfilter: ipset: Fix overflow before widen in the bitmapipcreate function. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.270 by commit...
GSD-2023-1001793 netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
netfilter: ipset: Fix overflow before widen in the bitmapipcreate function. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.164 by commit...
GSD-2023-1001760 netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
netfilter: ipset: Fix overflow before widen in the bitmapipcreate function. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.89 by commit...
GSD-2023-1001714 netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
netfilter: ipset: Fix overflow before widen in the bitmapipcreate function. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...
GSD-2023-1001219 fs: don't audit the capability check in simple_xattr_list()
fs: don't audit the capability check in simplexattrlist This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
The graphql-upload library included in Apollo Server 2 is vulnerable to CSRF mutations
Impact The graphql-upload npm package can execute GraphQL operations contained in content-type: multipart/form-data POST requests. Because they are POST requests, they can contain GraphQL mutations. Because they use content-type: multipart/form-data, they can be "simple requests" which are not...
Exploit for OS Command Injection in Apache Spark
CVE-2022-33891 Apache Spark...