CWE-99: CWE-99

This vulnerability in Hitachi Vantara Pentaho Data Integration & Analytics allows attackers to inject malicious JNDI identifiers when creating Communi...

CVE-2021-22879 is a resource injection vulnerability in Nextcloud Desktop Client that allows malicious Nextcloud servers to execute arbitrary commands...

This vulnerability in Hitachi Vantara Pentaho Data Integration & Analytics allows attackers to control system-level data sources by exploiting unrestr...

This vulnerability in FFmpeg's DASH playlist support allows attackers to make arbitrary HTTP GET requests from the system running FFmpeg by providing ...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Campcodes Online Laundry Management System 1.0. Attackers can manipulat...

This vulnerability in Xuxueli xxl-job allows remote attackers to manipulate job ID parameters to improperly control resource identifiers, potentially ...

This critical vulnerability in SimpleMachines SMF 2.1.4 allows remote attackers to manipulate resource identifiers in the user alert deletion function...

This vulnerability in FFmpeg's TTY Demuxer allows data exfiltration through improper parsing of non-TTY-compliant input files in HLS playlists. Attack...

This vulnerability in ProjectSend allows improper control of resource identifiers in the get_preview function of process.php, potentially enabling una...

This vulnerability in FFmpeg's HLS demuxer allows attackers to bypass file extension checks by using base64-encoded data URIs with specific extensions...

This vulnerability in LearnHouse allows attackers to manipulate resource identifiers in the student assignment submission API, potentially accessing u...

This vulnerability in Xuxueli xxl-job allows attackers to manipulate jobGroup parameters to improperly access resources. It affects xxl-job versions u...

This vulnerability in LitmusChaos Litmus allows attackers to manipulate resource identifiers via the projectID argument, potentially leading to unauth...

This vulnerability in FCJ Venture Builder's appclientefiel 3.0.27 allows attackers to manipulate resource identifiers via the ORDER_ID parameter in HT...

This vulnerability in Control iD RH iD allows attackers to manipulate resource identifiers through the PDF Document Handler component, potentially ena...

This vulnerability in Benner ModernaNet allows attackers to manipulate resource identifiers via the fooId parameter in the /AGE0000700/GetImageMedico ...

This vulnerability in SimpleMachines SMF 2.1.4 allows attackers to manipulate resource identifiers when reading user alerts, potentially leading to im...

This vulnerability in novel-plus allows remote attackers to delete arbitrary files due to missing authorization checks in the file removal function. I...

This vulnerability in EverShop allows attackers to manipulate order UUID parameters to access unauthorized order data. It affects EverShop installatio...

This vulnerability in yungifez Skuul School Management System allows attackers to manipulate resource identifiers through the invoice_id parameter in ...