Ugrás a tartalomra

Riasztások

2025. Jan. 16.

NA - CVE-2024-37181 - Time-of-check time-of-use race condition in...

Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent...
security-database.com
Tovább
2025. Jan. 16.

High - CVE-2024-41746 - IBM CICS TX Advanced 10.1, 11.1, and Standard...

IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the...
security-database.com
Tovább
2025. Jan. 16.

NA - CVE-2024-50633 - A Broken Object Level Authorization (BOLA)...

A Broken Object Level Authorization (BOLA) vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals.
security-database.com
Tovább
2025. Jan. 16.

NA - CVE-2024-57768 - JFinalOA before v2025.01.01 was discovered to...

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key.
security-database.com
Tovább
2025. Jan. 16.

NA - CVE-2024-57769 - JFinalOA before v2025.01.01 was discovered to...

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
security-database.com
Tovább
2025. Jan. 16.

NA - CVE-2024-57770 - JFinalOA before v2025.01.01 was discovered to...

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
security-database.com
Tovább
2025. Jan. 16.

NA - CVE-2024-57771 - A cross-site scripting (XSS) vulnerability in...

A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
security-database.com
Tovább
2025. Jan. 16.

NA - CVE-2024-57772 - A cross-site scripting (XSS) vulnerability in...

A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
security-database.com
Tovább
2025. Jan. 16.

NA - CVE-2024-57773 - A cross-site scripting (XSS) vulnerability in...

A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
security-database.com
Tovább
2025. Jan. 16.

NA - CVE-2024-57774 - A cross-site scripting (XSS) vulnerability in...

A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted...
security-database.com
Tovább
Nyelv