2005 matches found
CVE-2024-4460
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-4460
CVE-2024-4460: ZenML prior to v0.57.1 is affected by a DoS due to improper handling of newline characters in component names when adding components via API (api/v1/workspaces/default/components). This can cause uncontrolled resource consumption and prevent adding components or registering stacks;...
PT-2024-25526 · Virtosoftware · Virto Bulk File Download
Name of the Vulnerable Software and Affected Versions: VirtoSoftware Virto Bulk File Download version 5.5.44 for SharePoint 2019 Description: An issue was discovered that allows arbitrary file download and deletion via absolute path traversal in the path parameter of the isCompleted method in the...
PT-2024-31195 · Zenml Io · Zenml
Name of the Vulnerable Software and Affected Versions: zenml-io/zenml version 0.56.3 Description: A denial of service issue exists due to improper handling of line feed characters in component names. When a low-privileged user adds a component through the API endpoint...
CVE-2023-49112 Insecure Direct Object Reference in Kiuwan SAST
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even...
CVE-2024-27141
Toshiba printers use XML communication for the API endpoint provided by the printer. For that endpoint, an XML parsing library is used, and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending an HTTP request without authentication. A...
CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For that endpoint, an XML parsing library is used, and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending an HTTP request without authentication. A...
Remote Code Execution
langflow is vulnerable to Remote Code Execution. The vulnerability is due to untrusted users being able to reach the POST /api/v1/customcomponent endpoint and provide a Python script, allowing an attacker to execute arbitrary code...
CVE-2024-37014
CVE-2024-37014 affects Langflow up to version 0.6.19. The vulnerability allows remote code execution when an untrusted user can access the endpoint POST /api/v1/custom_component and provide a Python script. The cited sources describe this vector and the resulting arbitrary code execution, with im...
PT-2024-27049
Name of the Vulnerable Software and Affected Versions: nukeviet versions 4.5 and earlier nukeviet-egov versions 1.2.02 and earlier Description: The issue is related to a Deserialization vulnerability, which can result in code execution. This can be achieved via the "/admin/extensions/download.php...
CVE-2024-2035
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...
PYSEC-2024-169
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...
CVE-2024-2035 Improper Authorization in zenml-io/zenml
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...
CVE-2024-1879
A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a us...