In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The pre
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The pre
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an
SQL Injection vulnerability in Apache StreamPark.
This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.
Users are recommended to upgrade to version 2.1.6, which fixes the issue.
This vuln
Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark.
This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.
Users are recommended to upgrade to version 2.1.6, which f
In streampark-console the list pages(e.g: application pages), users can sort page by field. This sort field is sent from the front-end to the back-end, and the SQL query is generated using this field.
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for e
A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php o
A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_weima
An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common
WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of `${{ github.ev
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows
When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS256 algorithm). An attacker can exploit this vulnerability to perform
Authenticated command injection in the filename of a .exe request leads to remote code execution as the root user.
This issue affects Iocharger firmware for AC models before version 2412070
StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct mali
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct int
A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HT
The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnera
insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Dri
Page 1+ Next →