28 matches found
EUVD-2023-3182
Malicious code in bioql PyPI...
EUVD-2023-47675
Malicious code in bioql PyPI...
CVE-2024-47210
Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js...
CVE-2023-43256
A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...
CVE-2023-47440
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine...
CVE-2024-47210
Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js...
CVE-2024-47210
Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js...
CVE-2024-47210
Summary: CVE-2024-47210 affects Gladys Assistant prior to 4.45.1. The issue enables privilege escalation by a user changing their own role, via untrusted input (req.body.role) in updateMySelf within server/api/controllers/user.controller.js. Details from connected sources: All records describe a ...
CVE-2024-47210
Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js...
CVE-2024-47210
Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js...
Gladys Assistant Security Vulnerability
Gladys Assistant is open-source home assistant software from the Gladys Assistant project. A security vulnerability exists in Gladys Assistant versions prior to 4.45.1 that stems from allowing elevation of privilege...
Directory Traversal in Gladys Assistant
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine...
GHSA-C79F-PQGF-FHP3 Directory Traversal in Gladys Assistant
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine...
CVE-2023-47440
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine...
CVE-2023-47440
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine...
CVE-2023-47440
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine...
Directory traversal
Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine...
Gladys Assistant Security Breach
Gladys Assistant is open-source home assistant software from the Gladys Assistant project. A security vulnerability exists in Gladys Assistant v4.27.0 and earlier versions. An attacker can exploit the vulnerability to extract sensitive files from the host computer...
PT-2023-30450 · Unknown · Gladys Assistant
Name of the Vulnerable Software and Affected Versions: Gladys Assistant versions prior to 4.27.0. Description: The issue allows authenticated attackers to extract sensitive files from the host machine due to a Directory Traversal problem. The patch for this problem was found to be incomplete...
CVE-2023-47440
Gladys Assistant v4.27.0 and earlier are affected by a Directory Traversal vulnerability associated with CVE-2023-47440. The issue stems from an incomplete patch to CVE-2023-43256, allowing authenticated attackers to extract sensitive files from the host machine. The CVSS, as listed, indicates an...