29 matches found
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via its file upload functionality. An administrator can execute arbitrary JavaScript in the context of the application by uploading a crafted SVG or HTML file containing malicious scripts, which are then served to users without...
EUVD-2023-27989
Malicious code in bioql PyPI...
Flowise security vulnerability
Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in versions prior to Flowise 3.0.1 that stems from the lack of authentication and role-based access control in the default installation, which could lead to the execution of un-sandboxed ...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from the lack of authentication procedures, which allows unauthorized users to modify the status of tasks in publicly accessible projects.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely modify the status of tasks in publicly accessible projects...
CVE-2024-12537
In version 0.3.32 of open-webui/open-webui, the absence of authentication mechanisms allows any unauthenticated attacker to access the api/v1/utils/code/format endpoint. If a malicious actor sends a POST request with an excessively high volume of content, the server could become completely...
PT-2025-12138 · Unknown · Open-Webui
Name of the Vulnerable Software and Affected Versions: open-webui/open-webui version 0.3.32 Description: The absence of authentication mechanisms in open-webui/open-webui allows any unauthenticated attacker to access the api/v1/utils/code/format endpoint. If a malicious actor sends a POST request...
The vulnerability of the Core server component of Oracle WebLogic Server allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Oracle WebLogic Server application server's Core component is related to the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Service Requests component of the Oracle Customer Care software solution in the Oracle E-Business Suite allows a perpetrator to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Service Requests component in the Oracle Customer Care software of the Oracle E-Business Suite lies in the lack of an authentication mechanism. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of protected information...
The vulnerability of the Mattermost instant messaging application is related to the absence of an authentication process, which allows a malicious user to delete any message they want.
The vulnerability of the Mattermost instant messaging application is related to the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor to delete any message at will...
The vulnerability of the Microsoft Azure Stack HCI hyper-converged infrastructure platform is related to the absence of authentication procedures, which allows attackers to escalate their privileges.
The vulnerability of the Microsoft Azure Stack HCI hyper-converged infrastructure platform is related to the absence of authentication procedures. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability of the JetBrains YouTrack project and task management software is related to the absence of an authentication process, which allows unauthorized access to protected information.
The vulnerability of the JetBrains YouTrack project and task management software is related to the absence of an authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the TMOS Shell configuration tool, which is used for managing monitors in the BIG-IP Access Policy Manager, as well as in programs like BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT), BIG-IP DDoS Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP SSL Orchestrator, BIG-IP WebAccelerator, and BIG-IP WebSafe, allows a perpetrator to escalate their privileges.
The vulnerability of the TMOS Shell configuration tool, which is used for managing monitors in the BIG-IP Access Policy Manager, as well as in programs like BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP...
The vulnerability of the JetBrains YouTrack project and task management software is related to the absence of an authentication process, which allows unauthorized users to elevate their privileges.
The vulnerability of the JetBrains YouTrack project management and task management software is related to the absence of an authentication process. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
The vulnerability of the SAML implementation for VPN remote access services in the firmware of network devices such as Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) allows a perpetrator to establish a VPN session on a vulnerable device.
The vulnerability of the SAML implementation for VPN remote access services in the firmware of network devices such as Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is related to the absence of authentication procedures. Exploiting this vulnerability allows a...
The vulnerability of the SAP Master Data Governance data management platform lies in the absence of authentication procedures, which allow attackers to escalate their privileges and disclose protected information.
The vulnerability of the SAP Master Data Governance data management platform is related to the absence of authentication procedures. Exploiting this vulnerability can allow attackers to escalate their privileges and disclose sensitive information...
The vulnerabilities of the System Management Module (SMM/SMM2) and the Fan Power Controller (FPC) in the firmware of Lenovo storage systems such as ThinkSystem, ThinkAgile, and NeXtScale, as well as Lenovo CP-CB-10 laptops, allow attackers to gain unauthorized access to protected information.
The vulnerability of the System Management Module (SMM/SMM2) and the Fan Power Controller (FPC) in the firmware of Lenovo storage systems such as ThinkSystem, ThinkAgile, and NeXtScale, as well as Lenovo CP-CB-10 laptops, is related to the absence of authentication for critical...
The vulnerability of the JetBrains YouTrack project and task management software is related to the absence of an authentication process, which allows unauthorized access to projects.
The vulnerability of the JetBrains YouTrack project management and task management software is related to the absence of an authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the project...
The vulnerability of the Apache Shiro framework, related to the absence of authentication procedures, allows attackers to upload specially created malicious files.
The vulnerability of the Apache Shiro framework is related to the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to download a specially created malware file remotely...
SAP Diagnostics Agent access control error vulnerability
SAP Diagnostics Agent is a system diagnostics agent program from SAP, Germany. An access control error vulnerability exists in SAP Diagnostics Agent version 720 that stems from a lack of authentication and input sanitization...