
45 matches found

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-21818

Malicious code in bioql PyPI...

7.2 CVSS | 7.1 AI score | 0.03047 EPSS
Exploits: 1 | References: 4
Github Security Blog
added 2025/07/30 4:21 p.m., 9 views

OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0

The --gitlab-group flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in --gitlab-group added to the new...

5.5 CVSS | 5.1 AI score | 0.00221 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
RedhatCVE
added 2025/05/22 8:25 a.m., 4 views

CVE-2019-17553

An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags=index=doSaveTags URI...

9.8 CVSS | 8.2 AI score | 0.00683 EPSS
Exploits: 1 | References: 1
CNNVD
added 2025/03/11 12:00 a.m., 2 views

IBM Common Cryptographic Architecture Security Vulnerability

IBM Common Cryptographic Architecture is a cryptographic platform from the International Business Machines (IBM) Corporation. It provides a number of features to protect financial transactions. A security vulnerability exists in IBM Common Cryptographic Architecture versions 7.0.0 through 7.5.51,...

6.5 CVSS | 6 AI score | 0.00065 EPSS
Exploits: 0 | References: 3
NVD
added 2024/10/30 6:15 p.m., 13 views

CVE-2024-48646

An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the...

8.1 CVSS | 0.00105 EPSS
Exploits: 2 | References: 1
NVD
added 2024/10/30 6:15 p.m., 10 views

CVE-2024-48647

A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including...

7.2 CVSS | 0.00482 EPSS
Exploits: 2 | References: 1
Vulnrichment
added 2024/10/30 12:00 a.m., 8 views

CVE-2024-48647

A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including...

7 AI score | 0.00482 EPSS
Exploits: 2 | References: 1
CVE
added 2024/10/30 12:00 a.m., 46 views

CVE-2024-48647

CVE-2024-48647 — Sage 1000 v7.0.0: A Local File Disclosure vulnerability exists where an attacker can retrieve arbitrary files from the server by manipulating URL parameters. Public documentation confirms this impacts Sage 1000 version 7.0.0 and enables access to sensitive files such as configur...

7.2 CVSS | 7 AI score | 0.00482 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
Cvelist
added 2024/10/30 12:00 a.m., 11 views

CVE-2024-48647

A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including...

0.00482 EPSS
Exploits: 2 | References: 1
NVD
added 2024/06/06 10:15 p.m., 17 views

CVE-2024-36823

The encrypt function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information...

7.5 CVSS | 0.11817 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2024/06/06 12:00 a.m., 13 views

CVE-2024-36823

Last updated 24 July 2024...

7.5 CVSS | 7.5 AI score | 0.11817 EPSS
Exploits: 0 | References: 4
CNNVD
added 2024/03/21 12:00 a.m., 1 view

LeptonCMS Security Vulnerability

LeptonCMS is a content management system (CMS) from the Lepton Project. A security vulnerability exists in LeptonCMS version v.7.0.0 that originates from allowing a local attacker to execute arbitrary code via the upload.php file...

7.8 CVSS | 7.4 AI score | 0.00175 EPSS
Exploits: 1 | References: 3
Cvelist
added 2024/02/29 12:00 a.m., 12 views

CVE-2024-24520

An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place...

7.5 AI score | 0.00175 EPSS
Exploits: 1 | References: 5
CNVD
added 2024/01/29 12:00 a.m., 7 views

LeptonCMS Arbitrary File Upload Vulnerability

LeptonCMS is a content management system (CMS) for the Lepton Project. An arbitrary file upload vulnerability exists in LeptonCMS version v7.0.0, which stems from the application's lack of effective authentication of uploaded files. An authenticated attacker can exploit this vulnerability to execut...

7.2 CVSS | 7.7 AI score | 0.03047 EPSS
Exploits: 1 | References: 1
NVD
added 2024/01/25 9:15 p.m., 17 views

CVE-2024-24399

An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area...

7.2 CVSS | 7.3 AI score | 0.03047 EPSS
Exploits: 1 | References: 4
Cvelist
added 2024/01/25 12:00 a.m., 20 views

CVE-2024-24399

An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area...

7.5 AI score | 0.03047 EPSS
Exploits: 1 | References: 4
Vulnrichment
added 2024/01/25 12:00 a.m., 17 views

CVE-2024-24399

An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area...

7.9 AI score | 0.03047 EPSS
Exploits: 1 | References: 4
NVD
added 2023/11/03 5:15 a.m., 10 views

CVE-2023-43982

Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via an HTTP call...

9.8 CVSS | 9.5 AI score | 0.00082 EPSS
Exploits: 0 | References: 1
Prion
added 2023/11/03 5:15 a.m., 9 views

Server side request forgery (ssrf)

Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at instaparser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via an HTTP call...

7.5 CVSS | 9.4 AI score | 0.00082 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/11/03 12:00 a.m., 30 views

CVE-2023-43982

CVE-2023-43982 affects Bon Presta boninstagramcarousel versions 5.2.1–7.0.0. A server-side request forgery (SSRF) vulnerability exists in the url parameter of insta_parser.php, allowing an attacker to use the vulnerable site as a proxy to reach other targets or exfiltrate data via HTTP requests. ...

9.8 CVSS | 9.3 AI score | 0.00082 EPSS
Exploits: 0 | References: 1 | Affected Software: 1