54 matches found
EUVD-2021-0893
Malware in sbrugna...
EUVD-2022-34026
Malicious code in bioql PyPI...
CVE-2020-18151
Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account...
Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface Radio Scheduling stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1888 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 web interface Radio Scheduling stack-based buffer overflow vulnerability April 9, 2024 CVE Number...
CVE-2023-30349
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function...
CVE-2023-30349
CVE-2023-30349 affects JFinal CMS v5.1.0; confirmed remote code execution via the ActionEnter function. The vulnerability is described as a high-severity (CVSS v3.1: 9.8) network‑based issue with no authentication required and no user interaction. The provided documents do not specify a fixed ver...
CVE-2023-22975
A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under /front/person/profile.html...
CVE-2022-34928
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user...
Sql injection
JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user...
CVE-2022-34928
CVE-2022-34928 affects JFinal CMS v5.1.0, where a SQL injection vulnerability exists in the /system/user endpoint. The issue is confirmed in multiple sources and is scored by NVD with CVSS 3.1: Network attack, Low attack complexity, Low privileges required, no user interaction, and a base score o...
Design/Logic Flaw
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...
Sql injection
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinalcms/system/dict/list...
CVE-2022-33114
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinalcms/system/dict/list...
CVE-2022-29648
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request...
Zammad Denial of Service Vulnerability (CNVD-2022-70097)
Zammad is a suite of ticket management software from Zammad Germany. v5.1.0 of Zammad suffers from a denial of service vulnerability that stems from a lack of a password length limit allowing the creation of extremely long passwords, which could be exploited by an attacker to cause a denial of...
CVE-2022-29700
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification...