206 matches found
AnythingLLM Code Injection Vulnerability
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a code injection vulnerability that stems from the ImportedPlugin.importCommunityItemFromUrl function downloads a ZIP file and extracts it without verifying the path to the file within the archive, which can be...
PT-2026-22040
Name of the Vulnerable Software and Affected Versions Manyfold versions prior to 0.133.0 Description Manyfold is a self-hosted web application used for managing 3D models, with a focus on 3D printing. Prior to version 0.133.0, a logged-in user could achieve Remote Code Execution RCE when model...
CVE-2020-37193
CVE-2020-37193 concerns ZIP Password Recovery 2.30, which contains a denial-of-service vulnerability that can crash the application when a specially prepared text file (with specific characters) is used while selecting a ZIP file. The initial document provides CVSS data (4.0/4.6 in CVSS 4.0 with ...
Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass Vulnerability
A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
MiracleLinux 4 : firefox-60.2.0-1.0.1.AXS4 (AXSA:2018-3323:06)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3323:06 advisory. Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 CVE-2018-12376 Mozilla: Use-after-free in driver timers CVE-2018-12377 Mozilla:...
CVE-2022-50936
WBCE CMS version 1.5.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious droplets through the admin panel. Authenticated attackers can exploit the droplet upload functionality in the admin tools to create and execute arbitrary PHP code by...
EUVD-2023-60209
TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploade...
EUVD-2015-9117
Malware in sbrugna...
EUVD-2014-6005
Malware in sbrugna...
EUVD-2021-1502
Malware in sbrugna...
EUVD-2016-5313
Malware in sbrugna...
EUVD-2006-2007
Malware in sbrugna...
EUVD-2003-0421
Malware in sbrugna...
EUVD-2019-4389
Malware in sbrugna...
EUVD-2009-0847
Malware in sbrugna...
EUVD-2010-0130
Malware in sbrugna...
EUVD-2011-2635
Malware in sbrugna...
EUVD-2023-49992
Malicious code in bioql PyPI...
Ashlar-Vellum Cobalt 缓冲区错误漏洞
Ashlar-Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar-Vellum. A buffer error vulnerability exists in Ashlar-Vellum Cobalt that stems from a lack of validation of user-supplied data when parsing an AR file, which could lead to an out-of-bounds write th...
CVE-2025-41392
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute...