114 matches found
JFinalCMS v5.0.0 - Directory Traversal
An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. id: CVE-2023-41599 info: name: JFinalCMS v5.0.0 - Directory Traversal author: pussycat0x severity: medium description: | An issue in the component /common/DownController.ja...
EUVD-2025-33346
IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data...
EUVD-2023-3264
Malicious code in bioql PyPI...
EUVD-2023-3283
Malicious code in bioql PyPI...
PT-2025-36644
NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
CVE-2024-37759
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface...
CVE-2023-49381
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update...
CVE-2024-37759
DataGear v5.0.0 and earlier contains a SpEL (Spring Expression Language) expression injection in the Data Viewing interface. Root cause: SpEL injection can be triggered when viewing data, potentially enabling arbitrary code execution. Exploitation and PoC exist (GitHub proof of concept shows remo...
CVE-2024-24375
SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter...
Cross-site Scripting in JFinalCMS
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department...
Cross-site Scripting in JFinalCMS
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department...
CVE-2023-49486
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department...
CVE-2023-49485
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department...
CVE-2023-49487
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department...
Cross site scripting
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department...
Cross site scripting
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department...