1756-EN2TR Series A, B Security Vulnerabilities

CVE-2024-5935 CSRF Vulnerability in imartinez/privategpt

A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's...

CVE-2024-5755 Email Validation Bypass in lunary-ai/lunary

In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the same email address (e.g., '[email protected]' and '[email protected]'), leading to...

CVE-2024-5936 Open Redirect in imartinez/privategpt

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this...

CVE-2024-5824 Path Traversal in parisneo/lollms

A path traversal vulnerability in the /set_personality_config endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as force_accept_remote_access and...

CVE-2024-5885 Server-Side Request Forgery (SSRF) in stangirard/quivr

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain...

CVE-2024-6085 Path Traversal in parisneo/lollms

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be.....

CVE-2024-5822 Server-Side Request Forgery (SSRF) in gaizhenbiao/ChuanhuChatGPT

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources,...

CVE-2024-5714 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVE-2024-5714 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVE-2024-6038 ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history....

CVE-2024-6250 Absolute Path Traversal in parisneo/lollms-webui

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the open_file endpoint of lollms_advanced.py. The sanitize_path function with allow_absolute_path=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability....

imsuc.ac.in Open Redirect vulnerability OBB-3939312

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...

CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...

CVE-2024-5751 Remote Code Execution in BerriAI/litellm

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the add_deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by...

CVE-2024-5826 Remote Code Execution via Prompt Injection in vanna-ai/vanna

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...

CVE-2024-5979 Denial of Service via Invalid Argument in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, the run_tool command in the rapids component allows the main function of any class under the water.tools namespace to be called. One such class, MojoConvertTool, crashes the server when invoked with an invalid argument, causing a denial of...

CVE-2024-3330 Spotfire Remote Code Execution Vulnerability

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction...

CVE-2024-3017 Denial of service in multi-protocol gateway - Zigbee + Thread

In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor (RCP) causes the OpenThread Border Router(OTBR) application task running on the host platform to crash, allowing an attacker to cause a temporary...

CVE-2024-4578 Privilege escalation in Arista Wireless Access Points

This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to...

CVE-2023-38370 IBM Security Access Manager Docker information disclosure

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: ...

CVE-2023-38368 IBM Security Access Manager Docker information disclosure

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: ...

CVE-2023-38368 IBM Security Access Manager Docker information disclosure

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could disclose sensitive information to a local user to do improper permission controls. IBM X-Force ID: ...

CVE-2023-30997 IBM Security Access Manager Docker privilege escalation

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...

CVE-2023-30997 IBM Security Access Manager Docker privilege escalation

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...

CVE-2023-30998 IBM Security Access Manager Docker privilege escalation

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...

CVE-2023-30998 IBM Security Access Manager Docker privilege escalation

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: ...

CVE-2024-3043 Zigbee co-ordinator realignment packet may lead to denial of service

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY...

CVE-2024-3043 Zigbee co-ordinator realignment packet may lead to denial of service

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY...

Thousands of UEFA Customer Credentials Sold on Dark Web

Cybercriminals targeting Euro 2024 fans & organizers! Phishing scams, illegal content sites, malware-laced apps & ticket fraud threaten the game. Learn how to protect yourself & ensure a safe Euro 2024...

CVE-2024-35153

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVE-2024-35153

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVE-2024-24792

Parsing a corrupt or malicious image with invalid color indices can cause a...

CVE-2024-24792

Parsing a corrupt or malicious image with invalid color indices can cause a...

CVE-2023-42014

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within....

CVE-2023-42014

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within....

thewonderroom.gr Cross Site Scripting vulnerability OBB-3939311

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2024-34102

CVE-2024-34102: Unauthenticated Magento XXE CVEHunter tool...

Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz

The following Rapid7 analysts contributed to this research: Leo Gutierrez, Tyler McGraw, Sarah Lee, and Thomas Elkins. Executive Summary On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Our investigation identified that the...

CVE-2023-42014 IBM Sterling B2B Integrator Standard Edition cross-site scripting

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within....

We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there

AI has since replaced "cryptocurrency" and "blockchain" as the cybersecurity buzzwords everyone wants to hear. We're not getting as many headlines about cryptocurrency miners, the security risks or promises of the blockchain, or non-fungible tokens being referenced on "Saturday Night Live." A...

Denial of service in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc

The grpc Unary Server Interceptor created by the otelgrpc package added the labels net.peer.sock.addr and net.peer.sock.port with unbounded cardinality. This can lead to the server's potential memory exhaustion when many malicious requests are sent. This leads to a...

CVE-2024-24792 Panic when parsing invalid palette-color images in golang.org/x/image

Parsing a corrupt or malicious image with invalid color indices can cause a...

disfm.iisfm.nic.in Cross Site Scripting vulnerability OBB-3939309

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-35153 IBM WebSphere Application Server cross-site scripting

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVE-2024-35153 IBM WebSphere Application Server cross-site scripting

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

cghr4u.cgglobal.com Cross Site Scripting vulnerability OBB-3939308

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Polyfill Library Injected with Malware Impacting 100,000 Websites

A trusted JavaScript library, Polyfill.io, became a malware delivery system. Security experts exposed the attack and the potential consequences for website visitors. Learn how this supply chain attack highlights the importance of web development security and what steps developers can take to...

CVE-2022-38383

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

vdo.ai Cross Site Scripting vulnerability OBB-3939307

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...