18 matches found
CVE-2025-49652
creationtimestamp| type| source ---|---|--- 2025-06-09 19:48:02+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17742 2025-06-09 19:48:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lr75iwximc2m...
CVE-2025-49652
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
CVE-2025-49652
The CVE covers Lablup’s BackendAI, where the registration feature lacks authentication, allowing arbitrary users to create accounts and access private data even when registration is disabled. Concrete impact stated across sources: unauthorized account creation with high/critical severity (CVSS 3....
CVE-2025-49652 Improper access control allows arbitrary account creation
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
Linux Distros Unpatched Vulnerability : CVE-2022-49652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in tidra7xbarrouteallocate ofparsephandle returns a node...
CVE-2022-49652
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in tidra7xbarrouteallocate ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not needed anymore. Add missing ofnodeput in to fix this...
CVE-2022-49652
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in tidra7xbarrouteallocate ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not needed anymore. Add missing ofnodeput in to fix this...
CVE-2022-49652
CVE-2022-49652 affects the Linux kernel in the dmaengine: ti driver, specifically ti_dra7_xbar_route_allocate. The root cause is a refcount leak caused by not calling of_node_put() on a phandle-derived node when it is no longer needed; of_parse_phandle() returns a node pointer with an incremented...
CVE-2022-49652 dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in tidra7xbarrouteallocate ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not needed anymore. Add missing ofnodeput in to fix this...
CVE-2022-49652 dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in tidra7xbarrouteallocate ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not needed anymore. Add missing ofnodeput in to fix this...
CVE-2024-49652
Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through = 1.0.3...
CVE-2024-49652 WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through = 1.0.3...
CVE-2024-49652 WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through = 1.0.3...
WordPress 3D Work In Progress Plugin <= 1.0.3 is vulnerable to Arbitrary File Upload
Software 3D Work In Progress Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49652 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 22382aa9215e Credits stealthcopter Required privilege...
CVE-2023-49652
creationtimestamp| type| source ---|---|--- 2023-12-20 11:12:31+00:00| seen| https://t.me/ctinow/156872...
CVE-2023-49652
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...
CVE-2023-49652
The CVE-2023-49652 entry concerns Jenkins Google Compute Engine Plugin (versions up to 4.550.vb_327fca_3db_11 and earlier). The underlying issue is incorrect permission checks that enable attackers with global Item/Configure permission (but without Item/Configure on any specific job) to enumerate...
Jenkins plugins Multiple Vulnerabilities (2023-11-29)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Medium Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped...