CVE-2021-34249
SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id parameter in the application URL.
Source: CVE-2021-34249
CVE-2021-35290
File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page.
Source: CVE-2021-35290
CVE-2023-1029
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Source: CVE-2023-1029
CVE-2022-44310
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
Source: CVE-2022-44310
CVE-2023-1030
A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221755.
Source: CVE-2023-1030
CVE-2023-0481
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
Source: CVE-2023-0481
CVE-2021-34064
An issue found in Koel v.5.1.4 and before allows remote attackers to gain access to sensitive information via the login form parameters.
Source: CVE-2021-34064
CVE-2021-33224
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.
Source: CVE-2021-33224
CVE-2021-35370
An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.
Source: CVE-2021-35370
CVE-2023-23205
An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.
Source: CVE-2023-23205