16 matches found
MiroFish Authorization Issue Vulnerability
MiroFish is a crowd intelligence prediction engine developed by the individual developer BaiFu. It is used to simulate and predict the future. Versions of MiroFish prior to 0.1.2 have an authorization issue vulnerability. This vulnerability stems from improper handling of the createapp function in the REST API...
EUVD-2025-209343
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /urlmember.asp endpoint...
elecV2P Code Injection Vulnerability
elecV2P is a network request modification and scheduled task tool developed by the individual developer elecV2. elecV2P versions 3.8.3 and earlier have a code injection vulnerability. This vulnerability stems from improper handling of the parameter filename by unknown functions in the...
PT-2026-28160
Name of the Vulnerable Software and Affected Versions: Saloon versions prior to 4.0.0. Description: Saloon is a PHP library used for building API integrations and SDKs. A flaw exists where the library combines a connector's base URL with a request endpoint. If the endpoint is a valid absolute URL,...
Cleartext Transmission of Sensitive Information
Overview open-webui is a Credit: Peter Girnus Brandon Niemczyk...
Azure Linux 3.0 Security Update: kernel (CVE-2024-45010)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45010 advisory. - In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46711)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46711 advisory. - In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992545)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992545 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors In this function, there are two...
UBUNTU-CVE-2022-50038
In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors In this function, there are two refcount leak bugs: (1) when breaking out of for_each_endpoint_of_node, we need to call the of_node_put for the 'ep'; (2) we should call of_node_put...
CVE-2022-50132
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue, cdns3_gadget_ep_enable If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer and its dereference with priv_ep->cdns3_dev may cause panic. Found by Linux...
CVE-2025-22083
In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a vhost_scsi_clear_endpoint between them, we can hit multiple bugs found by Haoran Zhang: 1. Use-after-free...
CVE-2025-22083 vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a vhost_scsi_clear_endpoint between them, we can hit multiple bugs found by Haoran Zhang: 1. Use-after-free...
dify Security Vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in version 0.9.1 of dify, which stems from improper handling of the apiendpoint parameter and could lead to a server-side request forgery attack...
CVE-2024-2359
The CVE concerns parisneo/lollms-webui v9.3. An OS command injection stems from improper neutralization, enabling remote code execution. Affected component: the host/config handling in the runtime; attacker-controlled host via the /update_setting endpoint bypasses the intended protection on /exec...
An unauthenticated attacker can generate a sizeable CPU load on a Confluence server with a single request.
Issue Summary: Confluence has an API endpoint, which combines multiple js resources in a single response:...
Hewlett Packard Enterprise Intelligent Management Center perfSelInsServer Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...