
63 matches found

Patchstack
added 2024/11/11 12:0 a.m. | 13 views

WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation Plugin <= 2.4.9 is vulnerable to Arbitrary File Upload

Software: Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation; Type: Plugin; Vulnerable versions: = 2.4.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-52384; Patch priority: High; CVSS severity: High 9.9; Developer Claim ownership PSID...

9.9 CVSS | 7.2 AI score | 0.00478 EPSS
Exploits 0 | References 1 | Affected Software 1
Malwarebytes
added 2024/07/15 3:27 p.m. | 12 views

How an AI “artist” stole a woman’s face, with Ali Diamond (Lock and Code S05E15)

This week on the Lock and Code podcast… Full-time software engineer and part-time Twitch streamer Ali Diamond is used to seeing herself on screen, probably because she’s the one who turns the camera on. But when Diamond received a Direct Message DM on Twitter earlier this year, she learned that h...

7.5 AI score
Exploits 0
NVD
added 2024/02/22 10:15 p.m. | 18 views

CVE-2024-26152

Summary: On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details: Need permission to use the "data import" function. This was reproduced on Label...

6.1 CVSS | 4.8 AI score | 0.02199 EPSS
Exploits 1 | References 4
Vulnrichment
added 2024/02/22 9:52 p.m. | 12 views

CVE-2024-26152 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config

Summary: On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details: Need permission to use the "data import" function. This was reproduced on Label...

4.7 CVSS | 4.8 AI score | 0.02199 EPSS
Exploits 1 | References 4
OSV
added 2024/02/22 9:52 p.m. | 25 views

CVE-2024-26152 Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config

Summary: On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a Choices or Labels tag, resulting in an XSS vulnerability. Details: Need permission to use the "data import" function. This was reproduced on Label...

4.7 CVSS | 4.7 AI score | 0.02199 EPSS
Exploits 1 | References 6
GithubExploit
added 2023/11/14 9:54 p.m. | 367 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

PNG Image Generator This Python script generates a PNG image...

6.5 CVSS | 7 AI score | 0.89855 EPSS
Exploits 28
CNNVD
added 2022/10/19 12:0 a.m. | 6 views

Red Hat OpenShift Assisted Installer Log Information Disclosure Vulnerability

Red Hat OpenShift Assisted Installer is an assisted boot installer from Red Hat USA. A security vulnerability exists in Red Hat OpenShift Assisted Installer that stems from an image pulling secret being leaked in plaintext in the installation log during the generation of the Discovery ISO...

5.5 CVSS | 5.4 AI score | 0.00249 EPSS
Exploits 0 | References 5
BDU FSTEC
added 2021/09/17 12:0 a.m. | 6 views

The vulnerability of the software’s image generation function for monitoring IT infrastructure in Centreon allows a hacker to execute arbitrary SQL commands.

The vulnerability of the software’s image generation function for monitoring IT infrastructure in Centreon relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by executing the script...

8.5 CVSS | 8.1 AI score | 0.29424 EPSS
Exploits 1 | References 4 | Affected Software 1
OSV
added 2021/08/03 4:15 p.m. | 4 views

CVE-2021-37557

A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated but low-privileged attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter...

8.8 CVSS | 6.1 AI score
Exploits 0 | References 2
NVD
added 2021/08/03 4:15 p.m. | 21 views

CVE-2021-37557

A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated but low-privileged attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter...

8.8 CVSS | 0.29424 EPSS
Exploits 1 | References 2
Prion
added 2021/08/03 4:15 p.m. | 11 views

SQL injection

A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated but low-privileged attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter...

6.5 CVSS | 8.8 AI score | 0.29424 EPSS
Exploits 1 | References 2 | Affected Software 1
CVE
added 2021/08/03 3:34 p.m. | 59 views

CVE-2021-37557

Centreon contains a SQL injection vulnerability in image generation (generateImage.php index parameter) that affects Centreon versions prior to 20.04.14, 20.10.8, and 21.04.2. The flaw allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands. The vulnerability ...

8.8 CVSS | 8.8 AI score | 0.29424 EPSS
Exploits 1 | References 2 | Affected Software 1
Snyk
added 2021/03/05 12:55 p.m. | 2 views

Command Injection

Overview: madge is a developer tool for generating a visual graph of your module dependencies, finding circular dependencies, and giving you other useful info. Affected versions of this package are vulnerable to Command Injection. It is possible to specify a custom Graphviz path via the...

9.8 CVSS | 6.9 AI score | 0.02057 EPSS
Exploits 1 | References 2
Microsoft KB
added 2020/10/20 12:0 a.m. | 37 views

KB2793634 - Windows Installer starts repeatedly after you install SQL Server 2012 SP1

KB2793634 - Windows Installer starts repeatedly after you install SQL Server 2012 SP1 Symptoms After you install SQL Server 2012 SP1 on a computer, the Windows Installer Msiexec.exe process is repeatedly started to repair certain assemblies. Additionally, the following events are logged in the...

6.5 AI score
Exploits 0
CNVD
added 2019/12/30 12:0 a.m. | 4 views

Orca Input Validation Error Vulnerability

Orca is a command line application for generating static images for interactive drawing. An input validation error vulnerability exists in Orca. An attacker could exploit the vulnerability to execute code...

7.3 CVSS | 7.2 AI score | 0.00506 EPSS
Exploits 0 | References 1
Prion
added 2019/04/29 4:29 p.m. | 14 views

Design/Logic Flaw

A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4...

6.8 CVSS | 8.4 AI score | 0.00504 EPSS
Exploits 1 | References 1 | Affected Software 1
NVD
added 2019/04/29 4:29 p.m. | 25 views

CVE-2018-5123

A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4...

8.8 CVSS | 8.4 AI score | 0.00504 EPSS
Exploits 1 | References 1
Cvelist
added 2019/04/29 3:34 p.m. | 26 views

CVE-2018-5123

A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4...

8.4 AI score | 0.00504 EPSS
Exploits 1 | References 1
Fedora
added 2016/05/07 1:50 p.m. | 13 views

[SECURITY] Fedora 24 Update: python-tgcaptcha2-0.3.1-1.fc24

TGCaptcha2 is a TurboGears widget that provides an easy way to incorporate a captcha as part of a form in an attempt to reduce spam or malicious activity. Features include: relatively pain-free usage and validation inside of a regular widget-based form; flexibility to add or extend image generation...

2.5 AI score
Exploits 0
Fedora
added 2016/04/24 8:56 p.m. | 17 views

[SECURITY] Fedora 23 Update: python-tgcaptcha2-0.3.1-1.fc23

TGCaptcha2 is a TurboGears widget that provides an easy way to incorporate a captcha as part of a form in an attempt to reduce spam or malicious activity. Features include: relatively pain-free usage and validation inside of a regular widget-based form; flexibility to add or extend image generation...

2.5 AI score
Exploits 0