Lucene search

721 matches found

Source: Snyk (added 2025/02/26 8:07 p.m., 2 views)

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the asset upload functionality due to improper input sanitization. An attacker can execute arbitrary code and manipulate the file system by uploading executable files or manipulating file paths. Remediation...

CVSS 9.9, AI score 8.3, EPSS 0.01106, Exploits 0, References 3
Source: Tenable Nessus (added 2025/02/26 12:00 a.m., 11 views)

Atlassian Jira Service Management Data Center and Server 10.3.1 (JSDSERVER-15978)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15978 advisory. - The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerabl...

CVSS 7.2, AI score 6.5, EPSS 0.01413, Exploits 2, References 2
Source: Snyk (added 2025/02/11 3:32 p.m., 2 views)

Arbitrary Code Injection

Overview pandasai (Pandas AI) is a Python library that integrates generative artificial intelligence capabilities into Pandas, making dataframes conversational. Affected versions of this package are vulnerable to Arbitrary Code Injection through the interactive prompt function. An attacker wit...

CVSS 9.8, AI score 8.2, EPSS 0.07806, Exploits 0, References 2
Source: RedhatCVE (added 2025/02/06 4:45 a.m., 7 views)

CVE-2021-37694

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream SCSt microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and al...

CVSS 8.7, AI score 7.3, EPSS 0.00206, Exploits 1, References 1
Source: CNNVD (added 2025/02/06 12:00 a.m., 1 view)

Resumes Management and Job Application Website security vulnerability

Resumes Management and Job Application Website is a resume management and job application website from the individual developers at EGavilan Media. A security vulnerability exists in Resumes Management and Job Application Website version 1.0. An attacker injected arbitrary code via the first and...

CVSS 6.3, AI score 7.2, EPSS 0.00235, Exploits 0, References 1
Source: Snyk (added 2025/01/21 7:48 p.m., 2 views)

Arbitrary Code Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection when the user's security key has already been compromised. Workaround This vulnerability can be mitigated by rotating the security key and ensuring its privacy...

CVSS 8.9, AI score 7.2, EPSS 0.1639, Exploits 1, References 2
Source: CVE (added 2025/01/21 12:00 a.m., 58 views)

CVE-2024-55504

CVE-2024-55504 affects RAR Extractor - Unarchiver Free and Pro (v.6.4.0) on macOS, where the exploit_combined.dylib component enables local code injection that could lead to remote control and access to sensitive data. The issue is rooted in the dylib component and is reflected with a CVSSv3.1 ba...

CVSS 5.5, AI score 7.2, EPSS 0.02389, Exploits 0, References 3
Source: Snyk (added 2024/12/27 4:40 a.m., 0 views)

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due to an improper parsing of the TypeOne FontBBox. This is due to improper sanitization of the bbox values, which could lead to inconsistencies in font metrics or unexpected behavior. Remediation Upgrade...

CVSS 9.8, AI score 7.3, EPSS 0.00091, Exploits 0, References 2
Source: Snyk (added 2024/12/27 4:40 a.m., 1 view)

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due to an improper parsing of the TypeOne FontBBox. This is due to improper sanitization of the bbox values, which could lead to inconsistencies in font metrics or unexpected behavior. Remediation Upgrade...

CVSS 9.8, AI score 7.3, EPSS 0.00091, Exploits 0, References 2
Source: Vulnrichment (added 2024/12/16 12:00 a.m., 8 views)

CVE-2024-37773

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen...

AI score 7.2, EPSS 0.00227, Exploits 0, References 2
Source: Snyk (added 2024/11/25 7:45 p.m., 2 views)

Arbitrary Code Injection

Overview @joplin/lib is a joplin core library. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the improper handling of URI schemes in the openExternal function. Note: This is exploitable only for Windows environments. Remediation Upgrade @joplin/lib to version...

CVSS 8.8, AI score 5.6, EPSS 0.03029, Exploits 1, References 2
Source: Snyk (added 2024/11/25 7:45 p.m., 3 views)

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due to the improper handling of URI schemes in the openExternal function. Note: This is exploitable only for Windows environments. Remediation Upgrade @joplin/utils to version 2.14.1 or higher. References - GitH...

CVSS 8.8, AI score 5.6, EPSS 0.03029, Exploits 1, References 2
Source: Snyk (added 2024/11/22 11:00 p.m., 3 views)

Arbitrary Code Injection

Overview pycel is a library for compiling Excel spreadsheets to Python code and visualizing them as a graph. Affected versions of this package are vulnerable to Arbitrary Code Injection through the code generation from a crafted formula in an Excel spreadsheet cell. An attacker can execute...

CVSS 9.8, AI score 8.1, EPSS 0.00937, Exploits 2, References 2
Source: Ubuntu (added 2024/11/14 5:26 p.m., 22 views)

USN-7111-1: Go vulnerabilities

Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. CVE-2022-41723 Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this...

CVSS 8.1, AI score 7.3, EPSS 0.69905, Exploits 1
Source: Snyk (added 2024/11/13 2:16 p.m., 1 view)

Arbitrary Code Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Arbitrary Code Injection via the absolutePath function, due to missing path normalization, by executing a twig SSTI template. Remediation Upgrade craftcms/cms to version 4.12.2, 5.4.3 or...

CVSS 8.6, AI score 7.3, EPSS 0.21994, Exploits 1, References 2
Source: Snyk (added 2024/11/12 6:43 p.m., 2 views)

Arbitrary Code Injection

Overview torchgeo (TorchGeo) provides datasets, samplers, transforms, and pre-trained models for geospatial data. Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of specific data inputs. An attacker can execute arbitrary code on the system. Remediation...

CVSS 9.2, AI score 8.2, EPSS 0.00645, Exploits 0, References 2
Source: Snyk (added 2024/11/06 12:41 p.m., 1 view)

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection by replacing cmd.exe or placing a fake one in the working directory, which will be executed by ExecutableFinder.php when preparing command arguments. Note: This vulnerability only affects applications running on...

CVSS 9.8, AI score 7.4, EPSS 0.00783, Exploits 0, References 2
Source: Snyk (added 2024/11/05 12:31 a.m., 7 views)

Arbitrary Code Injection

Overview langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Arbitrary Code Injection through any components that provide code-execution functionality running on the local machine rather than in a sandboxed environment. An attacker can execu...

CVSS 10, AI score 7.8, EPSS 0.132, Exploits 2, References 2
Source: Snyk (added 2024/10/31 2:40 p.m., 1 view)

Arbitrary Code Injection

Overview langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Arbitrary Code Injection via the PythonCodeTool component, due to a lack of validation. Remediation There is no fixed version for langflow. References - GitHub Issue Credi...

CVSS 10, AI score 7.3, EPSS 0.0911, Exploits 1, References 2
Source: Snyk (added 2024/10/24 6:30 p.m., 2 views)

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the file name. An attacker who can upload heic images is able to execute code on the remote server. Remediation Upgrade maestroerror/php-heic-to-jpg to version 1.0.5 or higher. References - GitHub Commit -...

CVSS 9.8, AI score 8.1, EPSS 0.00137, Exploits 1, References 2