1387 matches found

OSV
added 2025/03/11 9:15 a.m. · 0 views

PYSEC-2025-122

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

CVSS 9.8 · AI score 6.7 · EPSS 0.09875
Exploits 3 · References 2
Vulnrichment
added 2025/03/11 8:12 a.m. · 6 views

CVE-2025-1550 Arbitrary Code Execution via Crafted Keras Config for Model Loading

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

CVSS 7.3 · AI score 7 · EPSS 0.09875
Exploits 3 · References 2
Debian CVE
added 2025/03/11 8:12 a.m. · 6 views

CVE-2025-1550

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...

CVSS 9.8 · AI score 6.3 · EPSS 0.09875
Exploits 3
Veracode
added 2025/03/11 7:08 a.m. · 10 views

Cleartext Storage Of Sensitive Information

Jenkins is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to improper secret redaction: the config.xml of agents is accessible via the REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted secret values...

CVSS 4.3 · AI score 6.6 · EPSS 0.00717
Exploits 0 · References 4 · Affected Software 1
RedhatCVE
added 2025/02/06 2:31 a.m. · 4 views

CVE-2025-24337

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...

CVSS 8.4 · AI score 6.4 · EPSS 0.00041
Exploits 0 · References 1
NVD
added 2025/01/27 9:15 a.m. · 10 views

CVE-2025-24814

Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort...

CVSS 5.5 · EPSS 0.00777
Exploits 0 · References 3
CVE
added 2025/01/20 12:00 a.m. · 68 views

CVE-2025-24337

CVE-2025-24337: Affects WriteFreely up to version 0.15.1 when using MySQL. Local users can read the config.ini and disclose credentials due to insecure default config access. The impact is credential disclosure (confidentiality and integrity) for local attackers; exploitation is local. The provi...

CVSS 8.4 · AI score 6.9 · EPSS 0.00041
Exploits 0 · References 3
Cvelist
added 2025/01/20 12:00 a.m. · 8 views

CVE-2025-24337

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...

CVSS 8.4 · EPSS 0.00041
Exploits 0 · References 3
Positive Technologies
added 2025/01/04 12:00 a.m. · 3 views

PT-2025-3776 · Code Projects · Code-Projects Student Management System

Name of the Vulnerable Software and Affected Versions: code-projects Student Management System version 1.0. Description: A critical issue has been found in the showSubject1 function of the file /config/DbFunction.php. The manipulation of the sid argument leads to SQL injection. The attack can be...

CVSS 9.8 · AI score 7.1 · EPSS 0.00096
Exploits 1 · References 12
OSV
added 2024/12/17 10:15 p.m. · 0 views

UBUNTU-CVE-2024-52792

LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values that are set via mainmanage.php and confmain.php. This allows setting arbitrary config values...

CVSS 6.5 · AI score 5.9 · EPSS 0.00078
Exploits 0 · References 6
NVD
added 2024/12/12 2:15 p.m. · 13 views

CVE-2024-28146

The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...

CVSS 8.4 · EPSS 0.00094
Exploits 0 · References 3
CNNVD
added 2024/12/10 12:00 a.m. · 1 view

Siemens Comos code issue vulnerability

COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. Siemens COMOS suffers from an XXE injection vulnerability that can be exploited by an...

CVSS 5.7 · AI score 7 · EPSS 0.00095
Exploits 0 · References 1
CNNVD
added 2024/11/27 12:00 a.m. · 1 view

Fuji Electric Monitouch V-SFT security vulnerability

Fuji Electric Monitouch V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric, which is mainly used in industrial automation, providing touch screen interface design, PDF document viewing, video playback, alarm messages and other functions. Fuji Electric Monitou...

CVSS 7.8 · AI score 7.7 · EPSS 0.00698
Exploits 0 · References 1
CNNVD
added 2024/11/22 12:00 a.m. · 1 view

Foxit PDF Reader security vulnerability

Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. An elevation of privilege vulnerability exists in Foxit PDF Reader, which stems from not properly assigning privileges when handling configuration files, and can be exploited by an attacker to elevate...

CVSS 7.8 · AI score 7.4 · EPSS 0.00046
Exploits 0 · References 2
NVD
added 2024/11/15 5:15 p.m. · 20 views

CVE-2024-52519

Nextcloud Server is a self-hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

CVSS 8.2 · EPSS 0.0134
Exploits 0 · References 3
Vulnrichment
added 2024/11/15 10:53 a.m. · 14 views

CVE-2022-1884 Remote Command Execution in gogs/gogs

A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the tree_path parameter during file uploads. An attacker can set tree_path=.git. to upload a file into the .git directory, allowing...

CVSS 10 · AI score 7.1 · EPSS 0.12771
Exploits 1 · References 1
Tenable Nessus
added 2024/11/14 12:00 a.m. · 8 views

Fedora 41 : webkitgtk (2024-b142cc07d0)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b142cc07d0 advisory. Fix login QR code not shown in WhatsApp web. Disable PSON by default again in GTK 3 API versions. Disable DMABuf video sink by default to prevent fi...

CVSS 6.5 · AI score 7.5 · EPSS 0.00595
Exploits 0 · References 3
OSV
added 2024/11/12 1:15 p.m. · 0 views

CVE-2024-11123

A vulnerability, which was classified as problematic, was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the...

CVSS 7.5 · AI score 5
Exploits 0 · References 4
CNNVD
added 2024/10/29 12:00 a.m. · 0 views

ChuanhuChatGPT security vulnerability

ChuanhuChatGPT is an application by the individual developer Chuan Hu. It provides a fast and easy-to-use web graphical interface and many additional features for many LLMs such as ChatGPT. A security vulnerability exists in ChuanhuChatGPT 20240410 and prior versions, which stems from the presenc...

CVSS 9.1 · AI score 6.7 · EPSS 0.00103
Exploits 1 · References 2
Veracode
added 2024/10/22 5:27 a.m. · 6 views

Privilege Escalation

OpenCanary is vulnerable to Privilege Escalation. The vulnerability is due to the config file being stored in an unprivileged user directory, allowing an unprivileged user to modify it and escalate permissions when the root user later runs the daemon...

CVSS 7.8 · AI score 6.7 · EPSS 0.00217
Exploits 0 · References 4 · Affected Software 1