CVE-2026-24816

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in datavane tis tis-console/src/main/java/com/qlangtech/tis/runtime/module/action modules. This vulnerability is associated with program files ChangeDomainAction.Java. This issue affects tis: before v4.3.0...

EUVD-2018-9329

Malware in sbrugna...

CVE-2024-30949

CVE-2024-30949 concerns an issue in the GNU C library replacement newlib version 4.3.0 where the time unit scaling in the function _gettimeofday may allow an attacker to execute arbitrary code. The connected sources consistently describe the vulnerability and its impact as arbitrary code executio...

VulnCheck KEV: CVE-2023-37679

A remote command execution RCE vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server...

Privilege escalation

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-25274

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-25274

An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-24014

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list...

CVE-2024-24017

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list...

CVE-2024-24023

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list...

CVE-2024-24025

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

CVE-2024-24023

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list...

CVE-2024-24026

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

CVE-2024-24026

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...

Sql injection

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list...

Arbitrary file deletion

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...

Privilege escalation

An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...

CVE-2024-24023

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list...

CVE-2024-24018

Summary of CVE-2024-24018 (Novel-Plus) : A SQL injection vulnerability affects Novel-Plus versions 4.3.0-RC1 and earlier, exploitable via the API endpoint /system/dataPerm/list by passing crafted values for the offsets/limits/sort parameters. The CVSS 3.1 score is 9.8 (CRITICAL) with network acce...