
291 matches found

CNNVD
added 2022/05/19 12:0 a.m. | 2 views

Online Sports Complex Booking System SQL Injection Vulnerability

Online Sports Complex Booking System is an online stadium booking system from Carlo Montero's personal developer. Online Sports Complex Booking System is vulnerable to a cross-site scripting vulnerability that originates in /scbs/classes/Users.php?f=saveclient lacks a validation filter for...

CVSS 6.1 | AI score 6.2 | EPSS 0.00194
Exploits: 1 | References: 3

CNNVD
added 2022/05/18 12:0 a.m. | 2 views

ToolJet Cross-Site Scripting Vulnerability

A code injection vulnerability exists in ToolJet v0.6.0 through v1.10.2, which stems from a lack of data validation filtering of user-supplied data and output in the first and last name fields of the invitation email. An attacker could exploit this vulnerability to inject malicious code when...

CVSS 5.4 | AI score 5.7 | EPSS 0.00206
Exploits: 1 | References: 3

RedHat Linux
added 2022/05/10 1:36 p.m. | 2 views

mod_auth_openidc: open redirect due to target_link_uri parameter not validated

An open redirect flaw was found in mod_auth_openidc where it does not sanitize the target_link_uri parameter properly. This issue could be used by a remote attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially...

CVSS 6.1 | AI score 5.8 | EPSS 0.00306
Exploits: 1 | References: 5

CNVD
added 2022/05/08 12:0 a.m. | 23 views

Jfinal CMS SQL Injection Vulnerability

Jfinal CMS is a java development information consulting website. jfinal CMS version 5.1.0 is vulnerable to SQL injection, which originates from com.jflyfox.system.log.LogController.java missing validation of external input SQL statements. An attacker could use this vulnerability to execute illega...

CVSS 6.5 | AI score 4.9 | EPSS 0.00255
Exploits: 1 | Affected Software: 1

CNNVD
added 2022/04/25 12:0 a.m. | 3 views

IBM Planning Analytics Code Issue Vulnerability

IBM Planning Analytics is a business planning and analysis solution from IBM Corporation. Planning Analytics Workspace is the Web management interface for IBM Planning Analytics. IBM Planning Analytics Workspace version 2.0 contains a file upload vulnerability that stems from a failure to Validat...

CVSS 8 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 4

OSV
added 2022/04/01 11:15 p.m. | 2 views

CVE-2021-27493

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component...

CVSS 6.5 | AI score 6.9 | EPSS 0.00162
Exploits: 0 | References: 2

OSV
added 2022/03/25 7:15 p.m. | 3 views

CVE-2021-3422

The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 version...

CVSS 7.5 | AI score 7.1 | EPSS 0.00392
Exploits: 0 | References: 2

CNNVD
added 2022/03/14 12:0 a.m. | 3 views

vditor Cross-Site Scripting Vulnerability

vditor is a browser-based Markdown editor that supports WYSIWYG, on-the-fly rendering similar to Typora, and split-screen preview modes. vditor versions prior to 3.8.12 are vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of...

CVSS 6.6 | AI score 5.6 | EPSS 0.00141
Exploits: 1 | References: 3

CNNVD
added 2022/03/10 12:0 a.m. | 4 views

Tensent SentCMS Code Issue Vulnerability

Tensent SentCMS is an easy-to-use website management system from Tensent, China. A security vulnerability exists in Tensent SentCMS version 4.0.x. The vulnerability stems from a lack of validation of uploaded files in the file upload interface of the /user/upload/upload php code in the software...

CVSS 9.8 | AI score 8.4 | EPSS 0.02647
Exploits: 1 | References: 2

ATTACKERKB
added 2022/02/18 8:15 p.m. | 4 views

CVE-2022-24359

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 7.5 | EPSS 0.0066
Exploits: 0 | References: 3 | Affected Software: 1

PyPA
added 2022/02/03 12:15 p.m. | 4 views

PYSEC-2022-132

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

CVSS 6.5 | AI score 7.1 | EPSS 0.00303
Exploits: 1 | References: 4 | Affected Software: 1

Debian CVE
added 2022/02/03 11:42 a.m. | 2 views

CVE-2022-23568

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

CVSS 6.5 | AI score 7.2 | EPSS 0.00303
Exploits: 1

CNNVD
added 2022/02/01 12:0 a.m. | 3 views

Elite Graphix Elite Cms SQL Injection Vulnerability

Elite Graphix Elite Cms is a web content management written in Php language from Elite Graphix India. platform for storing and organizing information and documents. Elite Graphix Elite Cms suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL...

CVSS 9.8 | AI score 6 | EPSS 0.00264
Exploits: 1 | References: 2

CNNVD
added 2022/02/01 12:0 a.m. | 3 views

Elite Graphix Elite Cms Security Vulnerability

Elite Graphix Elite Cms is a web content management written in Php language by Elite Graphix India. A platform for storing and organizing information and documents, Elite Graphix Elite Cms v1.0 suffers from a file upload vulnerability that stems from the lack of valid validation of uploaded files...

CVSS 9.8 | AI score 5.8 | EPSS 0.00285
Exploits: 1 | References: 2

CNNVD
added 2021/11/29 12:0 a.m. | 2 views

Tripexpress Path Traversal Vulnerability

Tripexpress is an open source bus tour travel booking management web application by Shpetim Islami, an Austrian individual developer. tripexpress suffers from a path traversal vulnerability, which originates from the assignment of $SERVERargv assigned to src, the lack of effective filtering and...

CVSS 9.8 | AI score 5.7 | EPSS 0.00491
Exploits: 1 | References: 2

OSV
added 2021/11/15 9:15 p.m. | 1 views

ALPINE-CVE-2021-42376

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input...

CVSS 5.5 | AI score 6.8 | EPSS 0.00045
Exploits: 0 | References: 1

OSV
added 2021/11/10 7:12 p.m. | 8 views

GHSA-7PXJ-M4JF-R6H2 Missing validation during checkpoint loading

Impact: An attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. Patches: We have patched th...

CVSS 8.5 | AI score 7.1 | EPSS 0.00019
Exploits: 0 | References: 10

PyPA
added 2021/11/05 10:15 p.m. | 3 views

PYSEC-2021-617

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

CVSS 8.8 | AI score 7.1 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/11/05 10:15 p.m. | 0 views

PYSEC-2021-400

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

CVSS 8.8 | AI score 6 | EPSS 0.00012
Exploits: 0 | References: 2

Debian CVE
added 2021/11/05 9:50 p.m. | 2 views

CVE-2021-41208

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

CVSS 8.8 | AI score 7.1 | EPSS 0.00012
Exploits: 0