14 matches found
application-urlshortener Cross-Site Request Forgery Vulnerability
application-urlshortener is an open source XWiki SAS tool for creating shortened URLs for XWiki pages. A cross-site request forgery vulnerability exists in versions of application-urlshortener prior to 1.2.4, where a user with view privileges can create arbitrary pages...
CVE-2023-31445
Cassia Access controller before 2.1.1.2203171453 was discovered to have an unprivileged information disclosure vulnerability that allows read-only users to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...
CVE-2023-23554
An uncontrolled search path element vulnerability exists in pgivm versions prior to 1.5.1. When refreshing an IMMV, pgivm executes functions without specifying schema names. Under certain conditions, pgivm may be tricked into executing unexpected functions from other schemas with the IMMV owner's...
CVE-2024-7557 Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai
A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege escalation across models within the same namespace. When deploying AI models, the UI provides the option to protect models with authentication. However, credentials from one model can be used to access...
PT-2024-29435 · Feripro · Feripro
Name of the Vulnerable Software and Affected Versions: Feripro versions prior to 2.2.3. Description: The issue is related to an Incorrect Access Control vulnerability. It affects the "/admin/benutzer/institution/rechteverwaltung/uebersicht" endpoint, allowing remote attackers to obtain a list of a...
XWiki Platform Security Vulnerability
XWiki Platform is a suite of wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki versions 9.4-rc-1 through 14.10.8, and versions prior to 15.3-rc-1, which originates when a document is deleted and recreated,...
XWiki Platform Injection Vulnerability
XWiki Platform is a suite of wiki platforms for creating web collaboration applications from XWiki France. The XWiki Platform suffers from an injection vulnerability that originates from the execution of arbitrary script macros, including Groovy and Python macros that allow remote code execution,...
XWiki Platform Injection Vulnerability
XWiki Platform is a suite of Wiki platforms for creating collaborative web applications from the French company XWiki. XWiki Platform suffers from an injection vulnerability, which stems from improper escaping of Invitation.InvitationCommon, that allows any user with view privileges to execute...
XWiki Platform Injection Vulnerability
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. XWiki Platform suffers from an injection vulnerability that stems from incorrect escaping of the UIX parameter, which allows any user with view privileges to execute arbitrary...
Jenkins Environment Dashboard Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exist...
Jenkins Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and the execution of some scheduled tasks. A cross-site scripting...
CVE-2021-2175
Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any View, Select Any View privilege with network access via Oracle Net...
CVE-2019-5933
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'...
AVEVA InTouch Buffer Overflow Vulnerability
AVEVA InTouch is an embedded HMI software package from AVEVA Group plc in the UK. The product provides read and write tagging and event monitoring functionality for HMI clients. A security vulnerability exists in AVEVA InTouch. A remote attacker could exploit this vulnerability by sending special...