CVE-2022-23223
The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
Source: CVE-2022-23223
CVE-2022-23945
Missing authentication on ShenYu Admin when registering by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
Source: CVE-2022-23945
CVE-2021-45845
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.
Source: CVE-2021-45845
CVE-2021-45342
A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
Source: CVE-2021-45342
CVE-2021-45029
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.
Source: CVE-2021-45029
CVE-2021-45343
In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.
Source: CVE-2021-45343
CVE-2021-45802
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.
Source: CVE-2021-45802
CVE-2021-45803
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the view parameter value is added to the SQL query without additional verification when viewing a reservation.
Source: CVE-2021-45803
CVE-2021-45844
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.
Source: CVE-2021-45844
CVE-2021-45341
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
Source: CVE-2021-45341