40 matches found
📄 Pymatgen 2024.1 CIF Parser Reverse Shell
Pymatgen version 2024.1 contains a critical remote code execution vulnerability in its Crystallographic Information File CIF parser that allows attackers to execute arbitrary Python code through specially crafted CIF files, leading to complete system compromise. The vulnerability exists in the CI...
PT-2025-46999
Name of the Vulnerable Software and Affected Versions Alteryx server versions 2022.1.1.42654 and 2024.1 Description The Alteryx server does not properly validate user authorization when processing API requests that utilize MongoDB object IDs to identify data. Specifically, the server fails to...
Alteryx Server 安全漏洞
Alteryx Server is a cloud-hosted or self-hosted application from Alteryx, Inc. for publishing, sharing and executing workflows. A security vulnerability exists in Alteryx Server versions 2022.1.1.42654 and 2024.1, which stems from a failure to check user permissions and could lead to unauthorized...
CVE-2025-35052
Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
EUVD-2025-5287
Malicious code in bioql PyPI...
EUVD-2024-49529
Malicious code in bioql PyPI...
📄 Pymatgen 2024.1 Remote Code Execution
Pymatgen version 2024.1 suffers from a remote code execution vulnerability. Exploit Title : Pymatgen 2024.1 - Remote Code Execution RCE Google Dork : not applicable Date : 2024-11-13 Exploit Author : Mohammed Idrees Banyamer Vendor Homepage : https ://pymatgen.org Software Link : https ://pypi.or...
CVE-2025-1726 [#BUG-000172669 ArcGIS Monitor has a security vulnerability]
There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some...
PT-2025-8739 · Esri · Esri Arcgis Monitor
Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Monitor versions 2023.0 through 2024.x Description: The issue is a SQL injection problem that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted...
CVE-2024-11598
Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation...
PT-2024-17128 · Ivanti · Ivanti Application Control
Name of the Vulnerable Software and Affected Versions: Ivanti Application Control versions prior to 2024.3 HF1 Ivanti Application Control versions prior to 2024.1 HF2 Ivanti Application Control versions prior to 2023.3 HF3 Description: Under specific circumstances, insecure permissions in Ivanti...
This Week in Spring - November 19th, 2024
Hi, Spring fans! How are you? Can you believe we're already staring at the end of the month? It's that time of the year when we see new releases, and the new releases reflect that frenzy! Soon: Spring Boot 3.4.0! Are you updated? Make sure you're updated! Remember: Spring projects leave open sour...
CVE-2024-8067
In versions of Helix Core prior to 2024.1 Patch 2 2024.1/2655224 a Windows ANSI API Unicode "best fit" argument injection was identified...
Perforce Helix Core 安全漏洞
Perforce Helix Core is a scalable and secure version control system from Perforce. A security vulnerability exists in Perforce Helix Core prior to version 2024.1 Patch 2, which stems from the best fit parameter containing a parameter injection vulnerability...
Intel® oneAPI Math Kernel Library Software Advisory
Summary: A potential security vulnerability in some Intel® oneAPI Math Kernel Library software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-21766 Description: Uncontrolled search path for so...
Intel® GPA Software Advisory
Summary: A potential security vulnerability in some Intel® Graphics Performance Analyzers Intel® GPA software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-28046 Description: Uncontrolled...
Intel® Advisor Software Advisory
Summary: A potential security vulnerability in some Intel® Advisor software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-26025 Description: Incorrect default permissions for some Intel®...
SolarWinds Platform 2024.1 SR1 Race Condition
Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition CVE: CVE-2024-28999 Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions Author: Elhussain Fathy, AKA 0xSphinx import requests import urllib3 import asyncio import aiohttp...
SolarWinds Platform 2024.1 SR1 - Race Condition
Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition CVE: CVE-2024-28999 Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions Author: Elhussain Fathy, AKA 0xSphinx import requests import urllib3 import asyncio import aiohttp...
SolarWinds Platform 2024.1 SR1 - Race Condition Expoit
Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition CVE: CVE-2024-28999 Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions Author: Elhussain Fathy, AKA 0xSphinx import requests import urllib3 import asyncio import aiohttp...