12 matches found
EUVD-2024-2591
Malicious code in bioql PyPI...
nginx 0.7.22 < 1.29.1 Information Disclosure
According to its Server response header, the installed version of nginx is 0.7.22 prior to 1.29.1. It is, therefore, affected by the following issue: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SM...
CVE-2024-35181
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
GHSA-H7CM-JVPP-69XF Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
CVE-2024-35182
Meshery has a SQL injection vulnerability in the GetAllEvents path under /api/v2/events due to unsanitized sort query handling in events_streamer.go, allowing stacked queries and ATTACH DATABASE usage to write arbitrary files and access/modify database-stored data (e.g., performance pr...
CVE-2024-35181 GHSL-2024-013 Meshery SQL Injection vulnerability
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...
Meshery Security Vulnerability
Meshery is a software application. A multi-service grid management plane that provides lifecycle, configuration and performance management of service grids and their workloads. A security vulnerability exists in Meshery versions prior to 0.7.22, which stems from the presence of a SQL injection...
CVE-2020-7733
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA...
VulnCheck KEV: CVE-2017-7391
A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...
Magmi Cross-Site Scripting Vulnerability
Magmi is a set of import tools for importing product catalogs into the Magento system. A cross-site scripting vulnerability exists in Magmi version 0.7.22, which stems from the program failing to adequately filter user submissions to the magmi-git-master/magmi/web/ajaxgettime.php URL. A remote...
WordPress Job Manager Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports PHP and MySQL servers to set up a personal blog site. Job Manager is one of its task manager plugins. A cross-site scripting vulnerability exists in WordPress Job Manage...
e107 alternate_profiles plugin newuser.php SQL Injection Vulnerability
e107 is prone to a remote SQL injection vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:e107:e107"; ifdescription...