37 matches found
EUVD-2022-35486
Malicious code in bioql PyPI...
CVE-2019-19685
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions...
CVE-2024-39081
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications...
CVE-2022-36594
Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function...
SQL injection
Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function...
CVE-2022-36594
CVE-2022-36594 concerns Mapper, a Java persistence framework by Liuzh. Vulnerable ranges are Mapper 4.0.0 through 4.2.0, with a SQL injection via the ids parameter in the selectByIds function. The NVD entry cites a high/critical impact (CVSS v3.1: 9.8; NETWORK, LOW complexity, no user interaction...
CVE-2022-36556
Seiko SkyBridge MB-A100/A110 (v4.2.0 and earlier) is affected by CVE-2022-36556 due to a command-injection vulnerability via the ipAddress parameter at the /07system08execute_ping_01 endpoint. The issue could allow a remote attacker to execute arbitrary commands with admin privileges on affected ...
CVE-2022-32413
An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file...
Design/Logic Flaw
An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-32413
CVE-2022-32413 describes an arbitrary file upload vulnerability in Dice v4.2.0 that allows an attacker to execute arbitrary code through a crafted file. Public sources in the connected documents confirm impact as remote code execution via file upload, with exploitation details not provided in the...
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Google Compute Engine Plugin 4.2.0 verifies SSH host keys before executing any commands on agents...
CVE-2022-23330
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package...
Remote code execution
A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package...
CVE-2022-23330
CVE-2022-23330 affects jpress v4.2.0, specifically the HelloWorldAddonController.java component. The vulnerability allows remote code execution by supplying a crafted JAR package, enabling an attacker to run arbitrary code on the affected system. The connected Red Hat, NVD, OSV, and related recor...
CVE-2021-45808
jpress v4.2.0 allows users to register an account by default. With the account, a user can upload arbitrary files to the server...