| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. |
| A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key
. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report and is planning to fix this flaw in an upcoming release. |
| Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order. |
| Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries. |
| In Gitea before 1.21.2, an anonymous user can visit a private user's project. |
| In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS. |
| A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationality_nid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. |
| A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationality_nid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. |
| A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. |
