CVE-2024-36050
CVE-2024-36050 affects Nix up to version 2.22.1, where mishandling of hash caches enables an attacker to substitute attacker-controlled source code by luring a maintainer into accepting a malicious pull request. The available data specify a MEDIUM severity (CVSS 3.1 base score 4.3) with no disclo...
CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
PT-2024-26864 · Nix +1
Name of the Vulnerable Software and Affected Versions: Nix versions prior to 2.22.1
Description: The issue makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request. This is due to the mishandli...
CVE-2024-3403
imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI...
CVE-2024-3403
CVE-2024-3403 affects imartinez/privategpt v0.2.0 with a local file inclusion weakness that enables reading arbitrary files via manipulated file upload, exposing files through the app’s “Search in Docs” feature or AI queries. Impact notes in sources include potential remote code execution by expo...
CVE-2024-3403 Local File Inclusion in imartinez/privategpt
imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI...
CVE-2024-33485
CASAP Automated Enrollment System, version V1.0, contains a SQL Injection in the login.php component (PHP/MySQLi) that could allow a remote attacker to leak sensitive information. Root cause: improper handling of user input in SQL queries. Mitigation in the connected document: disable the login f...
RHEL 7 : developer_environment (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- Developer environment: Homoglyph characters can lead to trojan source attack (CVE-2021-42694)
- An issue wa...
Europol Hacked? IntelBroker Claims Major Law Enforcement Breach
By Waqas. Notorious hacker IntelBroker claims a major data breach at Europol. Allegedly, sensitive data including employee info, source code, and operational documents were compromised. Europol has yet to confirm the breach. Could this expose ongoing investigations and endanger law enforcement...
IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data
By Waqas. Hackers claim to have breached a third-party contractor of HSBC and Barclays, stealing sensitive data including database files, source code, and more. This is a post from HackRead.com. Read the original post: IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data...
Clinic Queuing System 1.0 - RCE
Exploit Title: Clinic Queuing System 1.0 RCE
Date: 2024/1/7
Exploit Author: Juan Marco Sanchez
Vendor Homepage: https://www.sourcecodester.com/
Software Link: https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html
Version: 1.0
Tested on...
Vercel Source Code Exposure
Vercel is a popular cloud provider that helps developers host their JavaScript and TypeScript codebases. Vercel publishes the '/src' endpoint, which allows project team members to view application source code. When the 'Logs and Source Protection' option is disabled, the default protection is...
ROS-20240503-05
A vulnerability in the Microsoft Visual Studio Code source code editor is related to flaws in access control. Exploitation of the vulnerability could allow an attacker acting remotely to elevate his or her privileges...
CVE-2024-27025
In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start. nla_nest_start may fail and return NULL. Insert a check and set errno based on other call sites within the same source code...
CVE-2024-27025 nbd: null check for nla_nest_start
In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start. nla_nest_start may fail and return NULL. Insert a check and set errno based on other call sites within the same source code...
CVE-2024-27025
CVE-2024-27025 concerns the Linux kernel: a NULL return from nla_nest_start() could lead to NULL pointer dereference if not checked. The patch inserts a NULL check and sets errno consistent with other call sites, preventing a potential crash. Public references show the issue resolved in the kerne...
CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure
E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows an attacker to obtain the database credential with the highest privilege and...