
6809 matches found

OSV
added 2024/10/18 9:15 a.m. | 2 views

CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1
CVE
added 2024/10/18 8:29 a.m. | 61 views

CVE-2024-47485

CVE-2024-47485 describes a CSV injection vulnerability in some HikCentral Master Lite versions. The CSV injection could allow an attacker to craft data that leads to executable commands when the CSV file is processed. Affected component is the HikCentral Master Lite CSV handling; root cause is in...

CVSS 9.8 | AI score 7.5 | EPSS 0.00806
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/10/18 8:29 a.m. | 13 views

CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...

CVSS 5.5 | EPSS 0.00806
Exploits: 0 | References: 1
Vulnrichment
added 2024/10/18 8:29 a.m. | 11 views

CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...

CVSS 5.5 | AI score 7.5 | EPSS 0.00806
Exploits: 0 | References: 1
CNNVD
added 2024/10/17 12:0 a.m. | 1 view

OpenSight FlashFXP Code Issue Vulnerability

OpenSight FlashFXP is a secure FTP client software for Windows from OpenSight. A code issue vulnerability exists in OpenSight FlashFXP version 5.4.0.3970, which stems from an unknown function in the library libcrypto-11.dll in the file FlashFXP.exe that can lead to uncontrolled search paths...

CVSS 8.5 | AI score 7.7 | EPSS 0.00127
Exploits: 0 | References: 4
CNNVD
added 2024/10/17 12:0 a.m. | 3 views

VSO ConvertXtoDvd Code Issue Vulnerability

VSO ConvertXtoDvd is a software from VSO that can convert video to any format. A code issue vulnerability exists in VSO ConvertXtoDvd version 7.0.0.83, which stems from a function avcodec.dll in the file ConvertXtoDvd.exe that results in an uncontrolled search path. No details of the vulnerabilit...

CVSS 8.5 | AI score 7 | EPSS 0.00113
Exploits: 0 | References: 2
Tenable Nessus
added 2024/10/16 12:0 a.m. | 17 views

Qnap QTS Classic Buffer Overflow (CVE-2023-32968)

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 7.2 | AI score 7.5 | EPSS 0.00062
Exploits: 0 | References: 2
Tenable Nessus
added 2024/10/16 12:0 a.m. | 15 views

Qnap QTS Classic Buffer Overflow (CVE-2023-45037)

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 7.2 | AI score 7.5 | EPSS 0.00081
Exploits: 0 | References: 2
Gitee
added 2024/10/15 10:37 a.m. | 125 views

YushuTechUnitreeGo1

Based on the provided code, it appears to be a Windows executable file (PE file) that contains a malicious payload. The file is encoded with a custom algorithm, making it difficult to analyze without decoding. The code is written in C and uses various techniques to evade detection, including: 1. Co...

AI score 7.1
Exploits: 0
OSV
added 2024/10/11 4:15 p.m. | 2 views

CVE-2024-42640

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

CVSS 9.8 | AI score 6.4 | EPSS 0.89192
Exploits: 5 | References: 2
OSV
added 2024/10/10 11:15 p.m. | 8 views

PYSEC-2024-220

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 5.4 | AI score 5.4 | EPSS 0.0025
Exploits: 0 | References: 1
NVD
added 2024/10/10 11:15 p.m. | 10 views

CVE-2024-47867

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is a lack of integrity check on the downloaded FRP client, which could potentially allow attackers to introduce malicious code. If an attacker gains access to the remote URL from which the FRP client is...

CVSS 7.5 | EPSS 0.00222
Exploits: 0 | References: 1
RedHat Linux
added 2024/10/10 1:43 p.m. | 3 views

graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java

A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered duri...

CVSS 5.3 | AI score 5.7 | EPSS 0.1753
Exploits: 2 | References: 10
RedHat Linux
added 2024/10/10 11:49 a.m. | 3 views

graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java

A vulnerability was found in GraphQL Java, affecting versions prior to 21.5. This flaw allows an attacker to perform a denial of service (DoS) attack via introspection queries. The issue arises due to the improper handling of ExecutableNormalizedFields (ENFs), which are not adequately considered duri...

CVSS 5.3 | AI score 5.7 | EPSS 0.1753
Exploits: 2 | References: 10
OSV
added 2024/10/08 9:15 a.m. | 2 views

CVE-2024-47194

A vulnerability has been identified in ModelSim All versions V2024.3, Questa All versions V2024.3. vish2.exe in affected applications allows a specific DLL file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and escalate...

CVSS 7.3 | AI score 5.8
Exploits: 0 | References: 1
OSV
added 2024/10/08 9:15 a.m. | 1 view

CVE-2024-47195

A vulnerability has been identified in ModelSim All versions V2024.3, Questa All versions V2024.3. gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and...

CVSS 7.3 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 1
Packet Storm
added 2024/10/04 12:0 a.m. | 252 views

Transport Management System 1.0 Arbitrary File Upload

Title: Transport Management System 1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...

AI score 7.4
Exploits: 0
OSV
added 2024/10/03 5:15 p.m. | 2 views

DEBIAN-CVE-2024-0123

NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the user into running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial ...

CVSS 3.3 | AI score 4.5 | EPSS 0.00049
Exploits: 0 | References: 1
OSV
added 2024/10/03 5:15 p.m. | 3 views

DEBIAN-CVE-2024-0124

NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service...

CVSS 3.3 | AI score 4.5 | EPSS 0.00067
Exploits: 0 | References: 1
CNNVD
added 2024/10/03 12:0 a.m. | 1 view

NVIDIA CUDA toolkit Resource Management Error Vulnerability

The NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A resource management error vulnerability exists in the NVIDIA CUDA toolkit. An attacker could exploit this vulnerability by running nvdisasm on...

CVSS 3.3 | AI score 6.6 | EPSS 0.00067
Exploits: 0 | References: 3