721 matches found
Arbitrary Code Injection
Overview flair is an A very simple framework for state-of-the-art NLP Affected versions of this package are vulnerable to Arbitrary Code Injection through the function ClusteringModel of the file flair\models\clustering.py. An attacker can execute arbitrary code by manipulating the input data to...
CVE-2024-47196
CVE-2024-47196 affects Siemens Questa and ModelSim (ModelSim all versions before V2024.3; Questa before V2024.3). The vulnerability arises from vsimk.exe loading a specific TCL file from the current working directory, enabling an authenticated local attacker to inject arbitrary code and escalate ...
CVE-2024-47195
A vulnerability has been identified in ModelSim All versions V2024.3, Questa All versions V2024.3. gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and...
CVE-2024-47195
CVE-2024-47195 affects Siemens Questa and ModelSim (all versions prior to V2024.3). The issue is an Uncontrolled Search Path Element that allows a local attacker to load a crafted file from the current working directory, enabling arbitrary code execution and privilege escalation when gdb.exe is l...
LLama cpp python binding < 0.2.88 Arbitrary Write Vulnerability
The version of llama.cpp installed on the remote host is prior to 0.2.88. It is, therefore, affected by an arbitrary write vulnerability. This vulnerability was combined with another arbitrary address read vulnerability to achieve RCE, demonstrating the significant impact of the vulnerability. No...
CVE-2024-8374 Arbitrary Code Injection in Cura
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...
Cisco Application Policy Infrastructure Controller Privilege Escalation (cisco-sa-capic-priv-esc-uYQJjnuU)
According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by a privilege escalation vulnerability that could could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary co...
CVE-2024-44779
CVE-2024-44779 is a reflected cross-site scripting (XSS) vulnerability in the viewname parameter of the index page in vTiger CRM 7.4.0. The issue allows an attacker to execute arbitrary code in the context of a user’s browser via a crafted payload. Affected product: vTiger CRM 7.4.0 (index page, ...
CVE-2024-20478
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
CVE-2024-20478
Cisco APIC and Cisco Cloud Network Controller (formerly Cloud APIC) are affected by a vulnerability in the software upgrade component where insufficient signature validation of upgrade images could allow an authenticated administrator to install a modified image and achieve arbitrary code executi...
CVE-2024-20478 Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
CVE-2024-20478 Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
Keras < 2.13 Arbitrary Code Injection
The version of Keras installed on the remote host is prior to 2.13. It is, therefore, affected by an arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 which allows attackers to execute arbitrary code with the same permissions as the application using a model that allow...
CVE-2024-39017
agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-38396
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...
Arbitrary Code Injection
Overview ngx-extended-pdf-viewer is a powerful, full-featured PDF viewer for Angular applications. Whether you're building enterprise tools or internal utilities, this library gives you the control and customization options you need, all while preserving a native-like viewing experience. Built on...
SugarSync 代码问题漏洞
SugarSync is software from SugarSync that automates the access and sharing of photos, videos, and files in any folder. A code issue vulnerability exists in SugarSync versions prior to 4.1.3 that originates from a privilege escalation that allows unauthorized local users to inject arbitrary code...
GHSA-4RCH-2FH8-94VW MySQL2 for Node Arbitrary Code Injection
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...