3632 matches found

Fedora
added 2024/04/19 9:41 p.m. | 36 views

[SECURITY] Fedora 40 Update: curl-8.6.0-8.fc40

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 8.6 | AI score 9 | EPSS 0.36081
Exploits: 2

Veracode
added 2024/04/17 2:28 p.m. | 14 views

Path Traversal

mlflow is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of user-supplied input in the server's handlers, allowing attackers to access arbitrary files on the server by crafting HTTP POST requests with specially crafted parameters...

CVSS 7.5 | AI score 7.1 | EPSS 0.02718
Exploits: 1 | References: 2 | Affected Software: 1

Github Security Blog
added 2024/04/16 12:30 a.m. | 25 views

mlflow Path Traversal vulnerability

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

CVSS 7.5 | AI score 7 | EPSS 0.02718
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2024/04/16 12:30 a.m. | 18 views

GHSA-F82R-JJ5R-6G97 mlflow Path Traversal vulnerability

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

CVSS 7.5 | AI score 7.3 | EPSS 0.02718
Exploits: 1 | References: 3

NVD
added 2024/04/16 12:15 a.m. | 18 views

CVE-2024-1569

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the /open_code_in_vs_code and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...

CVSS 7.5 | AI score 5.5 | EPSS 0.00782
Exploits: 1 | References: 2

NVD
added 2024/04/16 12:15 a.m. | 21 views

CVE-2024-1601

An SQL injection vulnerability exists in the delete_discussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /delete_discussion endpoint, which internally...

CVSS 9.8 | AI score 7.7 | EPSS 0.40416
Exploits: 1 | References: 2

OSV
added 2024/04/16 12:15 a.m. | 20 views

CVE-2024-1569

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the /open_code_in_vs_code and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...

CVSS 7.5 | AI score 7.3
Exploits: 0 | References: 2

OSV
added 2024/04/16 12:15 a.m. | 6 views

CVE-2024-1483

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 1

Cvelist
added 2024/04/16 12:0 a.m. | 25 views

CVE-2024-1601 SQL Injection in parisneo/lollms-webui

An SQL injection vulnerability exists in the delete_discussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /delete_discussion endpoint, which internally...

CVSS 7.5 | AI score 7.9 | EPSS 0.40416
Exploits: 1 | References: 2

Cvelist
added 2024/04/16 12:0 a.m. | 23 views

CVE-2024-1483 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifactlocation' and 'source' parameters, using a local URI with '' instead of '?', an attacker can...

CVSS 7.5 | AI score 7.6 | EPSS 0.02718
Exploits: 1 | References: 1

Vulnrichment
added 2024/04/16 12:0 a.m. | 13 views

CVE-2024-1569 Uncontrolled Resource Consumption in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the /open_code_in_vs_code and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...

CVSS 5.3 | AI score 5.6 | EPSS 0.00782
Exploits: 1 | References: 2

Vulnrichment
added 2024/04/16 12:0 a.m. | 12 views

CVE-2024-1601 SQL Injection in parisneo/lollms-webui

An SQL injection vulnerability exists in the delete_discussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /delete_discussion endpoint, which internally...

CVSS 7.5 | AI score 7.7 | EPSS 0.40416
Exploits: 1 | References: 2

CVE
added 2024/04/16 12:0 a.m. | 53 views

CVE-2024-1569

parisneo/lollms-webui is vulnerable to denial of service through uncontrolled resource consumption. An attacker can trigger repeated unauthenticated POST requests at /open_code_in_vs_code and similar endpoints to repeatedly open VS Code or the default folder opener, exhausting system resources an...

CVSS 7.5 | AI score 7.1 | EPSS 0.00782
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2024/04/16 12:0 a.m. | 63 views

CVE-2024-1601

CVE-2024-1601 affects parisneo/lollms-webui; an SQL injection exists in delete_discussion() exploitable via a crafted POST to /delete_discussion with a malicious id parameter, allowing deletion of all records in the discussion and message tables. Impact is data loss; reports indicate this can be ...

CVSS 9.8 | AI score 7.6 | EPSS 0.40416
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2024/04/16 12:0 a.m. | 86 views

CVE-2024-1483

Summary: CVE-2024-1483 is a path traversal vulnerability in mlflow/mlflow 2.9.2 that allows an attacker to access arbitrary server files. The issue stems from insufficient validation of user-supplied input in server handlers, enabling traversal via crafted HTTP POST requests using crafted artifac...

CVSS 7.5 | AI score 7.4 | EPSS 0.02718
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2024/04/16 12:0 a.m. | 23 views

CVE-2024-1569 Uncontrolled Resource Consumption in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the /open_code_in_vs_code and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00782
Exploits: 1 | References: 2

CNVD
added 2024/04/11 12:0 a.m. | 15 views

TP-LINK AC1350 Denial of Service Vulnerability

The TP-LINK AC1350 is a router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK AC1350, which can be exploited by an attacker to cause a denial of service in the device's web interface via a specially crafted HTTP POST request...

CVSS 7.5 | AI score 6.6 | EPSS 0.01496
Exploits: 1 | References: 1

NVD
added 2024/04/10 12:15 a.m. | 11 views

CVE-2023-40148

Server-side request forgery (SSRF) in PingFederate allows unauthenticated HTTP requests to attack network resources and consume server-side resources via forged HTTP POST requests...

CVSS 6.5 | AI score 6.6 | EPSS 0.00461
Exploits: 0 | References: 2

Cvelist
added 2024/04/10 12:3 a.m. | 14 views

CVE-2023-40148 PingFederate Server Side Request Forgery vulnerability

Server-side request forgery (SSRF) in PingFederate allows unauthenticated HTTP requests to attack network resources and consume server-side resources via forged HTTP POST requests...

CVSS 6.5 | AI score 6.8 | EPSS 0.00461
Exploits: 0 | References: 2

Vulnrichment
added 2024/04/10 12:3 a.m. | 8 views

CVE-2023-40148 PingFederate Server Side Request Forgery vulnerability

Server-side request forgery (SSRF) in PingFederate allows unauthenticated HTTP requests to attack network resources and consume server-side resources via forged HTTP POST requests...

CVSS 6.5 | AI score 7.1 | EPSS 0.00461
Exploits: 0 | References: 2