151 matches found
RHCOS 6 : rubygem-activesupport (RHSA-2013:0202)
The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0202 advisory. - rubygem-activesupport: json to yaml parsing CVE-2013-0333 Note that Nessus has not tested for this issue but has instead relied only on the...
CVE-2010-0333
SQL injection vulnerability in the Helpdesk mghelp extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
EUVD-2026-0333
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
Linux Distros Unpatched Vulnerability : CVE-2017-0333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the...
CVE-2025-0333
A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2020-0333
In UrlQuerySanitizer, there is a possible improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-73822755...
CVE-2019-0333
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information...
CVE-2025-0333
creationtimestamp | type | source
---|---|---
2025-01-09 05:01:37+00:00 | seen | https://infosec.exchange/users/cve/statuses/113796638129849777
2025-01-09 05:14:03+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/887
2025-01-09 05:15:40+00:00 | seen | ...
CVE-2025-0333
CVE-2025-0333 affects leiyuxi cy-fast 1.0, specifically the listData function in /sys/role/listData. The root cause is manipulation of the argument order that enables SQL injection, with remote exploitation possible and the exploit publicly disclosed. Multiple sources corroborate the existence of...
CVE-2025-0333 leiyuxi cy-fast listData sql injection
A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
Ruby On Rails JSON Processor YAML Deserialization Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby on Rails JSON Processor YAML Deserialization Scanner', 'Description' = %q This module attempts to identify Ruby on Rails instances vulnerabl...
openSUSE Security Advisory (openSUSE-SU-2024:0020-1)
The remote host is missing an update for the...
FreeBSD : qt5-webengine -- Multiple vulnerabilities (a11e7dd1-bed4-11ee-bdd6-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a11e7dd1-bed4-11ee-bdd6-4ccc6adda413 advisory. - Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker...
Debian dsa-5598 : chromium - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5598 advisory. - Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious...
Chromium: CVE-2024-0333 Insufficient data validation in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2024-0333
CVE-2024-0333 involves Google Chrome/Chromium where the vulnerability resides in the Extensions subsystem. The root cause is insufficient data validation in Extensions, allowing a crafted HTML page to cause installation of a malicious extension when the user is in a privileged network position. A...
CVE-2024-0333
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Chromium security severity: High...
[SECURITY] [DSA 5598-1] chromium security update
Debian Security Advisory DSA-5598-1 [email protected] https://www.debian.org/security/ Andres Salomon January 10, 2024 https://www.debian.org/security/faq...