27 matches found
Eval Injection
Overview: agno is a lightweight library for building Multi-Agent Systems. Affected versions of this package are vulnerable to Eval Injection via the fieldtype parameter in the model execution process. An attacker can execute arbitrary Python code by manipulating the value passed to the eva...
CVE-2026-35002
Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...
CVE-2024-6877
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS. This issue affects Panel: before v2.3.24...
CVE-2024-5958
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection. This issue affects Panel: before v2.3.24...
CVE-2024-5959
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS. This issue affects Panel: before v2.3.24...
CVE-2024-5959 Stored XSS in Eliz Software's Panel
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS. This issue affects Panel: before v2.3.24...
PT-2024-37921 · Eliz · Eliz Software Panel
Name of the Vulnerable Software and Affected Versions: Eliz Software Panel versions prior to 2.3.24. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. Recommendations: For...
PT-2024-37271 · Eliz · Eliz Software Panel
Name of the Vulnerable Software and Affected Versions: Eliz Software Panel versions prior to 2.3.24. Description: The issue is related to an SQL Injection vulnerability, which allows for Command Line Execution through SQL Injection. This is due to the improper neutralization of special elements us...
Eliz Panel Cross-Site Scripting Vulnerability
Eliz Panel is a control panel from Eliz, Inc. A cross-site scripting vulnerability exists in Eliz Panel versions prior to 2.3.24, which stems from incorrect neutralization of input during web page generation, allowing reflected cross-site scripting attacks...
Eliz Panel Security Vulnerability
Eliz Panel is a control panel from Eliz Corporation. A security vulnerability exists in Eliz Panel versions prior to 2.3.24, which stems from the plaintext storage of a password...
Eliz Panel SQL Injection Vulnerability
Eliz Panel is a control panel from Eliz Corporation. A SQL injection vulnerability exists in Eliz Panel versions prior to 2.3.24, which arises from improper neutralization of special elements, allowing commands to be executed via SQL injection...
Eliz Panel Cross-Site Scripting Vulnerability
Eliz Panel is a control panel from Eliz, Inc. A cross-site scripting vulnerability exists in Eliz Panel versions prior to 2.3.24, which stems from incorrect neutralization of inputs during web page generation, allowing stored cross-site scripting attacks...
PT-2024-37272 · Eliz · Eliz Software Panel
Name of the Vulnerable Software and Affected Versions: Eliz Software Panel versions prior to 2.3.24. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For...
PT-2024-37273 · Eliz · Eliz Software Panel
Name of the Vulnerable Software and Affected Versions: Eliz Software Panel versions prior to 2.3.24. Description: The issue is related to the plaintext storage of a password in Eliz Software Panel, allowing the use of known domain credentials. Recommendations: For versions prior to 2.3.24, update ...
PT-2024-37922 · Eliz · Eliz Software Panel
Name of the Vulnerable Software and Affected Versions: Eliz Software Panel versions prior to 2.3.24. Description: The issue allows external parties to access files or directories, enabling the collection of data from common resource locations. Recommendations: For versions prior to 2.3.24, update ...
Eliz Panel Security Vulnerability
Eliz Panel is a control panel from Eliz Corporation. A security vulnerability exists in Eliz Panel versions prior to 2.3.24 that stems from a file or directory being accessible to an external party, which could allow an attacker to collect data from a public...
WordPress plugin jQuery T(-) Countdown Widget Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress jQuery T(-) Countdown Widget Plugin < 2.3.24 is vulnerable to Cross Site Scripting (XSS)
Software: jQuery T- Countdown Widget; Type: Plugin; Vulnerable versions: 2.3.24; Fixed in: 2.3.24; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0171; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 6d69c46b235b; Credits: Lana...
com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=2.0.2 <=2.0.4), com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (>=2.0.2 <=2.0.4) +42 more potentially affected by CVE-2016-3081 via org.apache.struts:struts2-core (>=2.3.24 <=2.3.24.1)
org.apache.struts:struts2-core MAVEN version =2.3.24, =2.0.2, =2.0.2, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24, =2.3.24.1 and more Source cves: CVE-2016-3081 Source advisory: OSV:GHSA-8C6J-FFMF-Q6VM...