876 matches found
CVE-2024-37228
Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through = 0.1.0.38...
CVE-2024-37109
Improper Control of Generation of Code 'Code Injection' vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before 3.26.7...
CVE-2024-5683
Improper Control of Generation of Code 'Code Injection' vulnerability in Next4Biz CRM & BPM Software Business Process Manangement BPM allows Remote Code Inclusion. This issue affects Business Process Manangement BPM: from 6.6.4.4 before 6.6.4.5...
PT-2024-27397 · Unknown · Instawp Connect
Name of the Vulnerable Software and Affected Versions: InstaWP Connect versions 0.1.0.38 and earlier Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability, which allows Code Injection. Recommendations: For InstaWP Connect versions 0.1.0.38 a...
WordPress plugin WishList Member X Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress plugin InstaWP Connect code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
WordPress plugin Advanced Custom Fields PRO Code Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability previously...
LiteLLM 代码注入漏洞
LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. LiteLLM suffers from a code injection vulnerability that stems from improper control over code generation, leading to a remote code execution RCE vulnerability...
GLSA-202405-15 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202405-15 Mozilla Firefox: Multiple Vulnerabilities - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects...
Range-Based Loop Execution
vyper is vulnerable to Range-Based Loop Execution. The vulnerability is due to incorrect assertion handling in the code generation of the range statement stmt.parseForrange within file stmt.py, which allows attackers to manipulate loop parameters...
vyper's range(start, start + N) reverts for negative numbers
Summary When looping over a range of the form rangestart, start + N, if start is negative, the execution will always revert. Details This issue is caused by an incorrect assertion inserted by the code generation of the range stmt.parseForrange:...
GHSA-PPX5-Q359-PVWJ vyper's range(start, start + N) reverts for negative numbers
Summary When looping over a range of the form rangestart, start + N, if start is negative, the execution will always revert. Details This issue is caused by an incorrect assertion inserted by the code generation of the range stmt.parseForrange:...
PYSEC-2024-246
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form rangestart, start + N, if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...
CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form rangestart, start + N, if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...
CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form rangestart, start + N, if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...
CVE-2024-32481
Vyper (Pythonic EVM language) is affected by CVE-2024-32481 in versions from 0.3.8 up to, but not including, 0.4.0b1. The vulnerability arises when looping with range(start, start + N) where start is negative; an incorrect assertion in the code generation of the range statement (stmt.parse_For_ra...
WordPress plugin Anti-Malware Security and Brute-Force Firewall 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...
Mozilla: Out-of-bounds-read after mis-optimized switch statement
The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...
Mozilla: Incorrect JITting of arguments led to use-after-free during garbage collection
The Mozilla Foundation Security Advisory describes this flaw as: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection...
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal
During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...