
1996 matches found

NVD · added 2024/07/01 4:15 p.m. · 25 views

CVE-2024-36420

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...

CVSS 7.5 · EPSS 0.01761
Exploits: 3 · References: 2
OpenVAS · added 2024/07/01 12:00 a.m. · 18 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1852)

The remote host is missing an update for the Huawei EulerOS docker-engine package. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.8 · AI score 7.8 · EPSS 0.00258
Exploits: 0 · References: 2
Positive Technologies · added 2024/06/30 12:00 a.m. · 6 views

PT-2024-37608 · Ingenico · Ingenico Estate Manager

Name of the Vulnerable Software and Affected Versions: Ingenico Estate Manager version 2023. Description: A problematic vulnerability was found in the New Widget Handler component, affecting an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/. The manipulation of...

CVSS 5.1 · AI score 3.4 · EPSS 0.00348
Exploits: 0 · References: 6
NVD · added 2024/06/27 7:15 p.m. · 26 views

CVE-2024-5980

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

CVSS 9.8 · EPSS 0.01307
Exploits: 1 · References: 2
Cvelist · added 2024/06/27 6:46 p.m. · 20 views

CVE-2024-5980 Arbitrary File Write via /v1/runs API endpoint in lightning-ai/pytorch-lightning

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

CVSS 9.1 · EPSS 0.01307
Exploits: 1 · References: 2
CVE · added 2024/06/27 6:46 p.m. · 90 views

CVE-2024-5980

The CVE-2024-5980 entry describes a path-traversal vulnerability in lightning-ai/pytorch-lightning v2.2.4 exposed via the /v1/runs API endpoint. When the LightningApp runs with the plugin_server, malicious tar.gz plugins can embed arbitrary files using path traversal, allowing writes to arbitrary...

CVSS 9.8 · AI score 9.5 · EPSS 0.01307
Exploits: 1 · References: 2 · Affected software: 1
Vulnrichment · added 2024/06/27 6:46 p.m. · 9 views

CVE-2024-5980 Arbitrary File Write via /v1/runs API endpoint in lightning-ai/pytorch-lightning

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

CVSS 9.1 · AI score 8 · EPSS 0.01307
Exploits: 1 · References: 2
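The two path-traversal entries above (the unsanitized fileName parameter in Flowise and the tar.gz plugin extraction in lightning-ai/pytorch-lightning) share one root cause: a name taken from the request is joined onto a base directory without checking that the result stays inside that directory. The Python below is an added example written for this page, not code from either project; the function names, the directory layout and the two sample archives are constructed for illustration. It shows a single containment check applied both to a filename parameter and to every member of an uploaded tar.gz, rejecting absolute names, `..` segments and symlink members.

```python
from __future__ import annotations

import io
import tarfile
import tempfile
from pathlib import Path


def confined_path(base: Path, untrusted: str) -> Path:
    """Join an untrusted name onto base and refuse anything that resolves
    outside base. resolve() follows symlinks, so a link already planted
    inside base that points elsewhere is caught as well."""
    base = base.resolve()
    candidate = (base / untrusted).resolve()   # absolute names replace base entirely
    if candidate != base and base not in candidate.parents:
        raise ValueError(f"path escapes {base}: {untrusted!r}")
    return candidate


def audit_tgz(tgz: bytes, dest: Path) -> list[str]:
    """Return the names of all archive members that must not be extracted."""
    rejected = []
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tf:
        for m in tf:
            if not (m.isfile() or m.isdir()):      # symlink, hardlink, device, fifo
                rejected.append(m.name)
                continue
            try:
                confined_path(dest, m.name)
            except ValueError:
                rejected.append(m.name)
    return rejected


def safe_extract(tgz: bytes, dest: Path) -> list[str]:
    """Extract only if every member passes the audit; return written paths."""
    bad = audit_tgz(tgz, dest)
    if bad:
        raise ValueError(f"refusing archive with unsafe members: {bad}")
    written = []
    with tarfile.open(fileobj=io.BytesIO(tgz), mode="r:gz") as tf:
        for m in tf:
            target = confined_path(dest, m.name)
            if m.isdir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(tf.extractfile(m).read())
            written.append(target.relative_to(dest.resolve()).as_posix())
    return written


def make_tgz(members: dict[str, bytes | str]) -> bytes:
    """Build a tar.gz in memory. Names are written verbatim, so traversal
    entries can be constructed exactly as an attacker would; a str value
    makes the member a symlink to that target."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            if isinstance(data, str):
                info.type = tarfile.SYMTYPE
                info.linkname = data
                tf.addfile(info)
            else:
                info.size = len(data)
                tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample archives (hypothetical plugins, not real ones).
BENIGN = {"plugin/plugin.py": b"print('hello')\n"}
HOSTILE = {
    "plugin/plugin.py": b"print('hello')\n",
    "../../.ssh/authorized_keys": b"ssh-ed25519 AAAA attacker\n",
    "/etc/cron.d/job": b"* * * * * root /tmp/x\n",
    "plugin/escape": "/",                      # symlink member pointing at the root
}


def demo() -> dict:
    """Run both checks inside a throwaway directory and collect the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        plugins = root / "plugins"
        uploads = root / "uploads"
        uploads.mkdir()
        (uploads / "report.txt").write_bytes(b"ok")

        result = {
            "benign_written": safe_extract(make_tgz(BENIGN), plugins),
            "hostile_rejected": audit_tgz(make_tgz(HOSTILE), plugins),
        }
        try:
            safe_extract(make_tgz(HOSTILE), plugins)
            result["hostile_extracted"] = True
        except ValueError:
            result["hostile_extracted"] = False

        # The same check guarding a fileName-style request parameter.
        for name in ("report.txt", "../../etc/passwd", "/etc/passwd"):
            try:
                result[name] = confined_path(uploads, name).read_bytes()
            except ValueError:
                result[name] = None
        return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k!r}: {v!r}")
```

audit_tgz reports every offending member rather than stopping at the first, which is what you want in a log line; safe_extract then refuses the whole archive instead of extracting the harmless part. On Python 3.12+ (and the 3.8.17/3.9.17/3.10.12/3.11.4 releases that backport PEP 706), tarfile's extractall(filter="data") applies an equivalent policy in the standard library; on older interpreters, or whenever members are written by hand as above, an explicit check like this one is still required.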
Veracode · added 2024/06/25 5:01 a.m. · 9 views

Denial Of Service (DoS)

ZenML is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of line feed (\n) characters in component names, allowing an attacker to cause uncontrolled resource consumption by adding a component through the API endpoint api/v1/workspaces/default/components...

AI score 6.6
Exploits: 0 · References: 3 · Affected software: 1
Positive Technologies · added 2024/06/25 12:00 a.m. · 2 views

PT-2024-28291 · Unknown · Px4-Autopilot

Name of the Vulnerable Software and Affected Versions: PX4-Autopilot version 1.14.3. Description: A buffer overflow issue was discovered in PX4-Autopilot via the topic name parameter handled in "/logger/logged_topics.cpp". Recommendations: For PX4-Autopilot version 1.14.3, as a temporary...

CVSS 7.5 · AI score 6.7 · EPSS 0.00704
Exploits: 1 · References: 7
Github Security Blog · added 2024/06/24 9:30 a.m. · 19 views

Improper line feed handling in zenml

A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character, it...

AI score 6.6
Exploits: 0 · References: 4 · Affected software: 1
OSV · added 2024/06/24 9:30 a.m. · 11 views

GHSA-7GJR-HCC3-XFR4 Improper line feed handling in zenml

A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character, it...

CVSS 4.3 · AI score 4.3
Exploits: 0 · References: 4
NVD · added 2024/06/24 7:15 a.m. · 20 views

CVE-2024-4460

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0
OSV · added 2024/06/24 7:15 a.m. · 9 views

CVE-2024-4460

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 6.3
Exploits: 0
CVE · added 2024/06/24 6:58 a.m. · 52 views

CVE-2024-4460

CVE-2024-4460: ZenML prior to v0.57.1 is affected by a DoS due to improper handling of newline characters in component names when adding components via API (api/v1/workspaces/default/components). This can cause uncontrolled resource consumption and prevent adding components or registering stacks;...

AI score 4.5
Exploits: 0
Cvelist · added 2024/06/24 6:58 a.m. · 21 views

CVE-2024-4460

...

Exploits: 0
Vulnrichment · added 2024/06/24 6:58 a.m. · 13 views

CVE-2024-4460

...

AI score 4.6
Exploits: 0
Positive Technologies · added 2024/06/24 12:00 a.m. · 2 views

PT-2024-25526 · Virtosoftware · Virto Bulk File Download

Name of the Vulnerable Software and Affected Versions: VirtoSoftware Virto Bulk File Download version 5.5.44 for SharePoint 2019. Description: An issue was discovered that allows arbitrary file download and deletion via absolute path traversal in the path parameter of the isCompleted method in the...

CVSS 9.8 · AI score 6.8 · EPSS 0.00615
Exploits: 0 · References: 5
Positive Technologies · added 2024/06/24 12:00 a.m. · 7 views

PT-2024-31195 · Zenml Io · Zenml

Name of the Vulnerable Software and Affected Versions: zenml-io/zenml version 0.56.3. Description: A denial of service issue exists due to improper handling of line feed characters in component names. When a low-privileged user adds a component through the API endpoint...

CVSS 4.3 · AI score 7
Exploits: 0 · References: 7
Cvelist · added 2024/06/20 12:36 p.m. · 26 views

CVE-2023-49112 Insecure Direct Object Reference in Kiuwan SAST

Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even...

EPSS 0.00517
Exploits: 1 · References: 2
Vulnrichment · added 2024/06/20 12:36 p.m. · 10 views

CVE-2023-49112 Insecure Direct Object Reference in Kiuwan SAST

Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even...

AI score 6.5 · EPSS 0.00517
Exploits: 1 · References: 2