67 matches found
CVE-2025-55368
Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account...
jshERP 安全漏洞
jshERP Huaxia ERP is a homegrown ERP system by the individual developer of Ji Sheng Hua in China. A security vulnerability exists in jshERP v3.5, which stems from improper access control in the UserController.java component and could lead to elevated levels of privilege...
ALPINE-CVE-2025-4575
Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...
Advanced Backups Security Vulnerability
Advanced Backups is a powerful backup mod for My World game by the individual developer Heather White. A security vulnerability exists in Advanced Backups v3.5.3 and earlier versions, which stems from a vulnerability that allows an attacker to write to arbitrary files by restoring a carefully...
CVE-2024-32799
Missing Authorization vulnerability in Merv Barrett Easy Property Listings.This issue affects Easy Property Listings: from n/a through 3.5.3...
Sentrifugo security breach
Sentrifugo is a human resource management system. The system includes features for human resource management, performance appraisal, recruitment management, and asset management. A security vulnerability exists in Sentrifugo version 3.5 that stems from allowing an authenticated attacker to upload...
Nanoleaf Light strip security vulnerability
Nanoleaf Light strip is a smart LED strip from Nanoleaf. A security vulnerability exists in Nanoleaf Light strip version v3.5.10 that could allow an attacker to send a malicious message and cause a denial of service...
CVE-2023-39808
N.V.K.INTER CO., LTD. NVK iBSG v3.5 was discovered to contain a hardcoded root password that allows attackers to login with root privileges via the SSH service. The cleartext password corresponding to the $1$4Tmm01jl$7HRvcW.bz7uGmX9hiQWvR hash was not determined by the vulnerability discoverer...
GHSA-WP6C-29R3-JQW9 SQL injection in jeecg-boot
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...
WordPress Plugin Flickr Justified Gallery 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
jjeecg-boot 代码问题漏洞
JEECG jjeecg-boot is a low-code development platform based on a code generator from JEECG. A security vulnerability exists in jjeecg-boot version V3.5.0, which originates from an unauthorized arbitrary file upload issue in the /jeecg-boot/jmreport/upload interface...
Microsoft .NET Framework 安全漏洞
Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a development platform. The platform includes the C and Visual Basic programming languages, a public language runtime library, and an extensive class library. A security vulnerability...
PT-2022-19894 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality. This allows an attacker to send a specially-crafted HTTP request, potentially leading to...
CVE-2022-29721
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist...
Exploit for Path Traversal in Siemens Apogee_Pxc_Firmware
:cyclone: APOLOGEE - Siemens Field Panel Scanner: APOLOGEE is...
CVE-2021-21867
An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigge...
UBUNTU-CVE-2019-14831
A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link...
Veritas Resiliency Platform 安全漏洞
Veritas Technologies Resiliency Platform VRP is a suite of data protection solutions from Veritas Technologies, USA. A security vulnerability exists in Veritas Resiliency Platform versions 3.4 and 3.5, which can be exploited by an attacker to gain administrator access to the system, resulting in...
PT-2020-16160 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 through 3.5.14 Moodle versions 3.7 through 3.7.8 Moodle versions 3.8 through 3.8.5 Moodle versions 3.9 through 3.9.2 Moodle earlier unsupported versions Description: The issue arises from insufficient checks on users'...
Mozilla Network Security Services Information Disclosure Vulnerability (CNVD-2020-43765)
Mozilla Network Security Services NSS is a library of functions Network Security Services library from the Mozilla Foundation in the United States. The product provides cross-platform support for SSL, S/MIME and other Internet security standards. A security vulnerability exists in Mozilla Network...