
874 matches found

OSV
added 2025/04/22 5:46 p.m. · 6 views

CVE-2025-32961 CUBA JPA Web API Vulnerable to Cross-Site Scripting (XSS) in the /download Endpoint

The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name...

CVSS 6.4 · AI score 6.7 · EPSS 0.00262
Exploits: 0 · References: 6

OSV
added 2025/04/22 5:0 p.m. · 6 views

GHSA-HG25-W3VG-7279 XSS in the /download Endpoint of the JPA Web API

Impact: The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...

CVSS 6.4 · AI score 6.7 · EPSS 0.00262
Exploits: 0 · References: 7

Github Security Blog
added 2025/04/22 5:0 p.m. · 10 views

XSS in the /download Endpoint of the JPA Web API

Impact: The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...

CVSS 6.4 · AI score 6.7 · EPSS 0.00262
Exploits: 0 · References: 7 · Affected Software: 1

CNNVD
added 2025/04/22 12:0 a.m. · 3 views

Cuba JPA web API Security Vulnerability

Cuba JPA web API is an open source CUBA Platform framework component for rapid development of enterprise Java applications. A security vulnerability exists in the Cuba JPA web API prior to version 7.2.23, which stems from an improper file size limitation and could lead to a denial of service...

CVSS 6.5 · AI score 6.3 · EPSS 0.00435
Exploits: 0 · References: 5

Positive Technologies
added 2025/04/22 12:0 a.m. · 4 views

PT-2025-17577 · Cuba Jpa · Cuba Jpa

Name of the Vulnerable Software and Affected Versions: Cuba JPA versions prior to 1.1.1 Description: The Cuba JPA web API allows loading and saving entities defined in the application data model through simple HTTP requests. Prior to version 1.1.1, the input parameter, which includes a file path...

CVSS 6.4 · AI score 6.3 · EPSS 0.00262
Exploits: 0 · References: 12

CNNVD
added 2025/04/22 12:0 a.m. · 2 views

Cuba JPA web API Cross-Site Scripting Vulnerability

The Cuba JPA web API is an open source CUBA Platform framework component for rapid development of enterprise Java applications. A cross-site scripting vulnerability exists in Cuba JPA web API versions prior to 1.1.1, which stems from improper file path manipulation and could lead to malicious...

CVSS 6.4 · AI score 5.9 · EPSS 0.00262
Exploits: 0 · References: 4

Exploit DB
added 2025/04/11 12:0 a.m. · 260 views

LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection

Exploit Title: LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection Google Dork: inurl:"/wp-json/learnpress/v1/" OR inurl:"/wp-content/plugins/learnpress/" OR "powered by LearnPress" AND "version 4.2.7" Date: Current Date, e.g., October 30, 2024 Exploit Author: Your Name or Username Vendor...

CVSS 10 · AI score 9.6 · EPSS 0.61355
Exploits: 6

RedhatCVE
added 2025/04/07 4:49 p.m. · 27 views

CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

CVSS 5.5 · AI score 7 · EPSS 0.00244
Exploits: 0 · References: 1

BDU FSTEC
added 2025/04/07 12:0 a.m. · 8 views

The vulnerability of the webapi component in the operating systems Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology BeeStation OS allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the webapi component in Synology BeeStation Manager BSM, Synology DiskStation Manager DSM, and Synology BeeStation OS is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability can allow an attacker operating remotely to gain...

CVSS 5.3 · AI score 6.5 · EPSS 0.26952
Exploits: 0 · References: 4 · Affected Software: 3

NVD
added 2025/04/05 4:15 p.m. · 17 views

CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

CVSS 5.5 · EPSS 0.00244
Exploits: 0 · References: 5

OSV
added 2025/04/05 4:15 p.m. · 4 views

DEBIAN-CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

CVSS 5.5 · AI score 5.2 · EPSS 0.00244
Exploits: 0 · References: 1

OSV
added 2025/04/05 4:15 p.m. · 11 views

CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

CVSS 5.5 · AI score 7
Exploits: 0 · References: 5

OSV
added 2025/04/05 4:15 p.m. · 3 views

UBUNTU-CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

CVSS 5.5 · AI score 5.8 · EPSS 0.00244
Exploits: 0 · References: 8

Cvelist
added 2025/04/05 3:35 p.m. · 18 views

CVE-2024-57868 Web::API 2.8 and earlier for Perl uses insecure rand() function for cryptographic functions

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

EPSS 0.00244
Exploits: 0 · References: 5

Vulnrichment
added 2025/04/05 3:35 p.m. · 16 views

CVE-2024-57868 Web::API 2.8 and earlier for Perl uses insecure rand() function for cryptographic functions

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

AI score 6.6 · EPSS 0.00244
Exploits: 0 · References: 5

CVE
added 2025/04/05 3:35 p.m. · 87 views

CVE-2024-57868

CVE-2024-57868 affects Web::API 2.8 and earlier for Perl. The root cause is use of rand() as the default entropy source via Data::Random, which is not cryptographically secure, for cryptographic functions. This is stated in the CVE description and supported by references to Data::Random and rand(...

CVSS 5.5 · AI score 6.7 · EPSS 0.00244
Exploits: 0 · References: 5 · Affected Software: 1

Debian CVE
added 2025/04/05 3:35 p.m. · 21 views

CVE-2024-57868

Web::API 2.8 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random...

CVSS 5.5 · AI score 5.2 · EPSS 0.00244
Exploits: 0

CNNVD
added 2025/04/05 12:0 a.m. · 4 views

MetaCPAN Web::API Security Vulnerability

MetaCPAN Web::API is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN Web::API version 2.8 and earlier that stems from the use of an insecure random number generator...

CVSS 5.5 · AI score 6.5 · EPSS 0.00244
Exploits: 0 · References: 6

Positive Technologies
added 2025/04/05 12:0 a.m. · 6 views

PT-2025-15064

Name of the Vulnerable Software and Affected Versions: Web::API versions 2.8 and earlier Description: The issue concerns the use of a non-cryptographically secure source of entropy for cryptographic functions. Specifically, Web::API uses the Data::Random library, which relies on the rand function...

CVSS 5.5 · AI score 6.5 · EPSS 0.00244
Exploits: 0 · References: 23

RedhatCVE
added 2025/03/22 12:41 p.m. · 18 views

CVE-2025-0190

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

CVSS 7.5 · AI score 7 · EPSS 0.0059
Exploits: 1 · References: 1