4564 matches found
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
PT-2023-14070 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: Jumpserver versions 2.10.0 through 2.26.0 Description: The issue is related to multiple stored XSS vulnerabilities due to improper filtering of user input. This can lead to the execution of any JavaScript under admin's permission...
Design/Logic Flaw
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could...
@0xagnish/circom2-create-project (=1.0.412), @0xagnish/create-circom2-project (>=1.0.0 <=1.0.418) +323 more potentially affected by CVE-2023-33252 via snarkjs (>=0.1.11 <=0.6.11)
snarkjs NPM version =0.1.11, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.1, =2.0.0-alpha.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.2.2 and more Source cves: CVE-2023-33252 Source advisory: OSV:GHSA-XP5G-JHG3-3RG2...
Apache InLong Code Issue Vulnerability
Apache InLong is a one-stop massive data integration framework from the Apache Foundation of the United States. A security bypass vulnerability exists in Apache InLong versions 1.4.0 through 1.6.0, which stems from insufficient session expiration, and can be exploited by an attacker to reuse old...
Apache InLong Security Vulnerability
Apache InLong is a one-stop massive data integration framework from the Apache Foundation of the United States. A security vulnerability exists in Apache InLong versions 1.1.0 through 1.6.0, which stems from an application that does not set a complexity requirement for user passwords, and can be...
Apache InLong Security Vulnerability
Apache InLong is a one-stop massive data integration framework from the Apache Foundation of the United States. An authorization issue vulnerability exists in Apache InLong versions 1.2.0 through 1.6.0. The vulnerability stems from improper privilege management. An attacker can exploit the vulnerabili...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
PT-2023-9597 · Starlette +2 · Starlette +2
Name of the Vulnerable Software and Affected Versions: Starlette versions 0.13.5 through 0.27.0 Description: The issue is related to a directory traversal vulnerability in Starlette, which allows a remote unauthenticated attacker to view files in a web service built using Starlette. This is due t...
2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-32058 via vyper (>=0.1.0b12 <=0.3.7)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-32058 Source advisory: OSV:GHSA-6R8Q-PFPV-7CGJ...
2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-32059 via vyper (>=0.1.0b12 <=0.3.7)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-32059 Source advisory: OSV:GHSA-PH9X-4VC9-M39G...
com.nachinius:stomp-for-akka-streams_2.12 (=0.1.2), io.github.davidgregory084:vertices-stomp_2.12 (>=0.1.1 <=0.1.2) +9 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=3.1.0 <=3.9.15)
io.vertx:vertx-stomp MAVEN version =3.1.0, =0.1.1, =0.1.0, =3.4.0, =3.1.0, =3.1.0, =3.4.0, =3.9.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...
CVE-2023-29790
kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue...
PT-2023-22095 · Apache · Apache Openmeetings
Name of the Vulnerable Software and Affected Versions: Apache OpenMeetings versions 3.1.3 through 7.1.0 Description: The issue allows an attacker with access to certain private information to impersonate other users. Recommendations: For Apache OpenMeetings versions 3.1.3 through 7.1.0, update to...
Apache OpenMeetings Security Vulnerability
Apache OpenMeetings is a multi-language, customizable video conferencing and collaboration system from the Apache Foundation. The product supports audio, video and allows users to view each participant's desktop and more. A security vulnerability exists in Apache OpenMeetings versions 2.0.0 throu...
Apache OpenMeetings Authorization Issue Vulnerability
Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system from the Apache Foundation. The product supports audio, video and allows users to view each participant's desktop and more. An authorization issue vulnerability exists in Apache OpenMeetings versions...
Apache OpenMeetings Input Validation Error Vulnerability
Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system from the Apache Foundation. The product supports audio, video and allows users to view each participant's desktop and more. A code execution vulnerability exists in Apache OpenMeetings versions 2.0.0...
WordPress plugin Essential Addons for Elementor Authorization Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An authorization issue vulnerabilit...
n8n-nodes-accelo (>=0.1.0 <=0.1.9), n8n-nodes-closeio (=0.1.0) +7 more potentially affected by CVE-2023-27562 via n8n (>=0.138.0 <=0.214.5)
n8n NPM version =0.138.0, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.1.7 Source cves: CVE-2023-27562 Source advisory: OSV:GHSA-P58X-7733-VP9M...
Craft CMS Cross-Site Scripting Vulnerability
Craft CMS is a content management system (CMS) from the US company Pixel & Tonic. A cross-site scripting vulnerability exists in Craft CMS versions 3.0.0 through 3.8.3 and 4.0.0 through 4.4.3, which stems from a formatting error in the malformed title that can deliver XSS payloads...