4564 matches found
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20) +35838 more potentially affected by CVE-2023-20861 via org.springframework:spring-expression (>=3.0.0.RELEASE <=5.2.22.RELEASE)
org.springframework:spring-expression MAVEN version =3.0.0.RELEASE, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.47, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.21 and more Source cves: CVE-2023-20861 Source advisory: OSV:GHSA-564R-HJ7V-MCR5...
ai.optfor:spring-openai-api (>=0.1.3 <=0.3.25), ai.superstream:spring-kafka (=3.0.1-alpha1) +8472 more potentially affected by CVE-2023-20861 via org.springframework:spring-expression (>=6.0.0 <=6.0.6)
org.springframework:spring-expression MAVEN version =6.0.0, =0.1.3, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.0.2, =0.0.6, =0.0.6, =1.3.0, =4.5.0, =4.0.0, =4.0.3 - be.jidoka:jdk-keycloak-admin =2.0.0 and more Source cves: CVE-2023-20861 Source advisory: OSV:GHSA-564R-HJ7V-MCR5...
Couchbase Server Access Control Error Vulnerability
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server versions 5.x through 7.x prior to 7.1.4, which stems from access...
PT-2023-10823 · Unknown · Wechat Sdk
Name of the Vulnerable Software and Affected Versions: zwczou WeChat SDK Python versions 0.3.0 through 0.5.4 Description: A critical issue affects the validate/to xml function, leading to xml external entity reference. The attack may be initiated remotely. Recommendations: To address this issue,...
FasterXML jackson-databind Security Vulnerability
FasterXML jackson-databind is a Java library from FasterXML for converting between XML, JSON and other data formats and Java objects. Jackson can easily convert JSON objects and XML documents into Java objects, and likewise convert JSON and XML into Java...
CVE-2020-4927
A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695...
PT-2023-2201 · Eclipse · Eclipse Birt
Name of the Vulnerable Software and Affected Versions: Eclipse BIRT versions 2.6.2 through 4.12 Description: The issue is related to insufficient input validation when processing host headers with the report parameter. This could allow a remote attacker to gain unauthorized access to protected...
agent-memory-layer (>=0.1.0 <=0.1.1), astonish (>=0.12.2 <=0.12.5) +3 more potentially affected by CVE-2023-25617 via sap-ai-sdk-base (>=3.1.2 <=3.4.0)
sap-ai-sdk-base PYPI version =3.1.2, =0.1.0, =0.12.2, =1.0.25122300, =3.0.3, =5.3.4, =6.10.0 Source cves: CVE-2023-25617 Source advisory: OSV:PYSEC-2023-315...
CVE-2022-31474
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in iThemes BackupBuddy allows Path Traversal. This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1...
PT-2023-21225 · Maddy · Maddy
Name of the Vulnerable Software and Affected Versions: maddy versions 0.2.0 through 0.6.2 Description: The issue allows for a full authentication bypass if a SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it i...
Jenkins Cross-Site Scripting Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins versions 2.270 through 2.393. An attacker can exploit the vulnerability to execu...
@adobe/target-decisioning-engine (>=1.0.0 <=1.5.1), @agriyadev5/react-jsonschema-form (>=1.8.1 <=1.8.3) +132 more potentially affected by CVE-2021-4329 via json-logic-js (>=1.0.9 <=1.2.3)
json-logic-js NPM version =1.0.9, =1.0.0, =1.8.1, =2.29.12, =0.1.7, =1.0.4, =0.2.52, =0.0.1, =4.11.1-rc.8, =3.0.0-rc.23, =3.29.6-1, =3.1.12-1, =3.29.7-12, =3.29.15 and more Source cves: CVE-2021-4329 Source advisory: OSV:GHSA-67J4-2MH6-8627...
CVE-2020-5026
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...
vantage6-node (>=3.7.0 <=3.8.0), vantage6-server (>=3.7.0 <=3.8.0) potentially affected by CVE-2023-22738 via vantage6 (>=3.7.0 <=3.8.0)
vantage6 PYPI version =3.7.0, =3.7.0, =3.7.0, =3.8.0 Source cves: CVE-2023-22738 Source advisory: OSV:PYSEC-2023-53...
vantage6-node (>=3.3.3 <=3.7.3), vantage6-server (>=3.3.3 <=3.7.3) potentially affected by CVE-2022-39228 via vantage6 (>=3.3.3 <=3.7.3)
vantage6 PYPI version =3.3.3, =3.3.3, =3.3.3, =3.7.3 Source cves: CVE-2022-39228 Source advisory: OSV:PYSEC-2023-52...
CVE-2021-3855
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Liman Central Management System Liman MYS HTTP/Controllers, CronMail, Jobs modules allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462...
CVE-2021-3855 Command Injection in Liman Central Management System
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Liman Central Management System Liman MYS HTTP/Controllers, CronMail, Jobs modules allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462...
BG-TEK COSLAT Firewall Security Vulnerability
BG-TEK COSLAT Firewall is a series of firewalls from the Turkish company BG-TEK. A security vulnerability exists in BG-TEK COSLAT Firewall versions 5.24.0.R.20180630 through 5.24.0.R.20210727, which stems from improper handling of a parameter in the firewall, leading to remote code execution...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2023-25657 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2023-25657 Source advisory: OSV:PYSEC-2023-37...
PT-2023-15524 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 through 2.1.0p11 Checkmk versions 2.0.0 through 2.0.0p28 Description: The issue allows an attacker to perform direct queries to the application's core from localhost by injecting Livestatus Query Language LQL in the...