
73 matches found

Tenable Nessus
added 2025/08/18 12:0 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2023-20860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismat...

CVSS 7.5 · AI score 6.8 · EPSS 0.03514
Exploits 1 · References 3

Positive Technologies
added 2024/12/15 12:0 a.m. · 5 views

PT-2024-36623 · Syncfusion · Syncfusion Essential Studio

Name of the Vulnerable Software and Affected Versions: Syncfusion Essential Studio for ASP.NET MVC versions prior to 27.1.55. Description: The issue is related to a traversal problem in the File Manager component, which is connected to the request parameter. This could potentially allow unauthoriz...

CVSS 7.5 · AI score 7.2 · EPSS 0.00502
Exploits 0 · References 7

OSV
added 2024/07/22 9:15 p.m. · 5 views

CVE-2024-40502

SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows a remote attacker to execute arbitrary code via the btnloginbClick function of the Loginpage.aspx...

CVSS 9.8 · AI score 6.2 · EPSS 0.01291
Exploits 3 · References 3

OSSF Malicious Packages
added 2024/06/25 1:25 p.m. · 7 views

Malicious code in Be.Vlaanԁeren.Basisregisters.AspNetCore.Mvс.Formatters.Csv (NuGet)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0

OSV
added 2024/01/22 3:30 p.m. · 8 views

GHSA-R4Q3-7G4Q-X89M Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

CVSS 7.5 · AI score 7.1 · EPSS 0.01048
Exploits 0 · References 3

OSV
added 2023/11/28 9:30 a.m. · 1 views

GHSA-V94H-HVHG-MF9H Spring Framework vulnerable to denial of service

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

CVSS 7.5 · AI score 6.4 · EPSS 0.0115
Exploits 0 · References 6

OSV
added 2023/06/29 5:15 p.m. · 1 views

CVE-2023-34658

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController...

CVSS 5.3 · AI score 5.8 · EPSS 0.0035
Exploits 0 · References 2

ATTACKERKB
added 2023/06/29 5:15 p.m. · 1 views

CVE-2023-34658

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController...

CVSS 5.3 · AI score 6.1 · EPSS 0.0035
Exploits 0 · References 2

CNNVD
added 2023/06/29 12:0 a.m. · 3 views

Telegram Security Vulnerability

Telegram is an instant messaging mobile application. A security vulnerability exists in Telegram version v9.6.3, which stems from a vulnerability that allows an attacker to hide critical information on the User Interface by calling the function SFSafariViewController...

CVSS 5.3 · AI score 5.8 · EPSS 0.0035
Exploits 0 · References 3

Positive Technologies
added 2023/06/09 12:0 a.m. · 4 views

PT-2023-23722 · Umbraco · Umbracoidentityextensions

Name of the Vulnerable Software and Affected Versions: UmbracoIdentityExtensions (affected versions not specified). Description: The issue concerns the UmbracoIdentityExtensions package, which is an Umbraco add-on for ASP.Net Identity integration. In affected versions, client secrets are no...

CVSS 5.3 · AI score 5.1 · EPSS 0.00625
Exploits 0 · References 8

ATTACKERKB
added 2023/06/06 7:15 p.m. · 1 views

CVE-2023-33651

An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules...

CVSS 7.5 · AI score 7.2 · EPSS 0.01427
Exploits 1 · References 3

CNNVD
added 2023/05/26 12:0 a.m. · 2 views

Spring Framework Resource Management Error Vulnerability

Spring Framework is an open source Java and Java EE application framework from the U.S.-based Spring team. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework that stems from a possible denial-of-service (DoS) attack if Spring MVC is used wi...

CVSS 7.5 · AI score 7.4 · EPSS 0.00904
Exploits 0 · References 7

NVD
added 2023/04/26 3:15 p.m. · 21 views

CVE-2023-22729

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link...

CVSS 6.1 · AI score 5.6 · EPSS 0.00419
Exploits 0 · References 2

Prion
added 2023/04/26 3:15 p.m. · 16 views

Design/Logic Flaw

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link...

CVSS 5.8 · AI score 6.2 · EPSS 0.00419
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/04/26 2:15 p.m. · 13 views

Design/Logic Flaw

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorise...

CVSS 4 · AI score 4.5 · EPSS 0.00486
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/04/26 2:0 p.m. · 24 views

CVE-2023-22729 Silverstripe Framework has open redirect vulnerability on CMSSecurity relogin screen

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link...

CVSS 5.4 · AI score 6.1 · EPSS 0.00419
Exploits 0 · References 4

CVE
added 2023/04/26 1:57 p.m. · 43 views

CVE-2023-22728

CVE-2023-22728 affects Silverstripe Framework, specifically the GridField print view. The root cause is a missing/incorrect permission check for DataObjects in GridFieldPrintButton, potentially allowing a content author to view records they are not authorized to access. Affected software: Silverst...

CVSS 4.3 · AI score 4.4 · EPSS 0.00486
Exploits 0 · References 2 · Affected Software 1

RedHat Linux
added 2022/04/27 9:46 a.m. · 5 views

spring-framework: RCE via Data Binding on JDK 9+

A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...

CVSS 9.8 · AI score 6.7 · EPSS 0.99677
Exploits 100 · References 10

RedHat Linux
added 2022/04/13 2:45 p.m. · 5 views

spring-framework: RCE via Data Binding on JDK 9+

A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...

CVSS 9.8 · AI score 6.7 · EPSS 0.99677
Exploits 100 · References 10

RedHat Linux
added 2022/04/12 6:32 p.m. · 10 views

spring-framework: RCE via Data Binding on JDK 9+

A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...

CVSS 9.8 · AI score 6.7 · EPSS 0.99677
Exploits 100 · References 10