6 matches found
CVE-2026-5012
CVE-2026-5012 affects elecV2/elecV2P up to version 3.8.3, specifically the pm2run function in /rpc, where a crafted manipulation can trigger OS command injection. The vulnerability is remotely exploitable over the network, and a published exploit exists. The project was alerted via issue repo...
CVE-2024-47878
OpenRefine before 3.8.3 exposes the state parameter in a <script> tag via the /extension/gdata/authorized endpoint, enabling reflected XSS (CVE-2024-47878). The issue arises from verbatim inclusion without escaping, allowing an attacker to craft a URL that executes JavaScript in a victim’s brows...
CVE-2022-37158
RuoYi v3.8.3 has a weak password vulnerability in the management system...
CVE-2022-37158
Summary: CVE-2022-37158 affects RuoYi v3.8.3, which has a weak password vulnerability in the management system. The issue has a high impact (CVSS 9.8: network attack, no user interaction, with confidentiality, integrity, and availability all affected) and is attributable to a weak password policy i...
CVE-2022-37158
RuoYi v3.8.3 has a weak password vulnerability in the management system...
CVE-2019-18348
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...