Exploit Database
144,178 exploits tracked across all sources.
jfinal_cms 5.1.0 - SQL Injection via /admin/advicefeedback/list
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list
CVSS 8.8
jfinal_cms 5.1.0 - SQL Injection via /admin/advicefeedback/list
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedback/list
CVSS 8.8
JFinal CMS 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVSS 9.8
JFinal CMS 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVSS 9.8
jfinal_cms 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection.
CVSS 9.8
jfinal_cms 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection.
CVSS 9.8
JFinal CMS 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVSS 8.8
JFinal CMS 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVSS 8.8
JFinal CMS 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVSS 8.8
JFinal CMS 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVSS 8.8
JFinal CMS 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVSS 8.8
JFinal CMS 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVSS 8.8
JFinal CMS 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVSS 8.8
stealjs steal - Prototype Pollution via npm-convert.js requestedVersion Variable
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.
CVSS 9.8
stealjs steal - Prototype Pollution via packageName Variable in npm-convert.js
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.
CVSS 9.8
stealjs steal 2.2.4 - Regular Expression Denial of Service via String Variable in babel.js
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.
CVSS 7.5
stealjs steal 2.2.4 - Regular Expression Denial of Service via Input Variable
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js.
CVSS 7.5
stealjs steal 2.2.4 - Regular Expression Denial of Service via source and sourceWithComments Variables
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variables in main.js.
CVSS 7.5
stealjs steal 2.2.4 - Prototype Pollution via optionName Variable
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.
CVSS 9.8
stealjs steal 2.2.4 - Prototype Pollution via Alias Variable in babel.js
Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias variable in babel.js.
CVSS 9.8
stealjs steal - Prototype Pollution via babel.js extend Function
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js.
CVSS 9.8
Shinken Monitoring 2.4.3 - Improper Authentication via SafeUnpickler
Shinken Solutions Shinken Monitoring version 2.4.3 is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.
CVSS 9.8
zlib <= 1.2.12 - Heap-Based Buffer Overflow in inflate via Large Gzip Header Extra Field
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS 9.8
zlib <= 1.2.12 - Heap-Based Buffer Overflow in inflate via Large Gzip Header Extra Field
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS 9.8
zlib <= 1.2.12 - Heap-Based Buffer Overflow in inflate via Large Gzip Header Extra Field
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS 9.8