88 matches found
Joomla 3.0.x < 3.10.17 / 4.0.x < 4.4.7 / 5.0.x < 5.1.3 Multiple Vulnerabilities (5910-joomla-5-1-3-and-4-4-7-security-and-bug-fix-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.10.17, 4.0.x prior to 4.4.7, or 5.0.x prior to 5.1.3. It is, therefore, affected by multiple vulnerabilities. - Inadequate validation of URLs could result into an invalid check...
CVE-2024-27184 [20240801] - Core - Inadequate validation of internal URLs
Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...
CVE-2024-27184
CVE-2024-27184 affects Joomla! core and concerns inadequate validation of internal/redirect URLs, where a redirect URL check may be incorrect. The connected documents consistently describe this as a URL validation vulnerability in Joomla core, with no explicit exploit details provided. The issue ...
PT-2024-38375 · WordPress · Crm Perks Forms
Name of the Vulnerable Software and Affected Versions: CRM Perks Forms plugin for WordPress versions up to, and including, 1.1.3 Description: The issue is related to arbitrary file uploads due to insufficient file validation on the handle uploaded files function. This allows authenticated attacke...
CVE-2024-21729 [20240701] - Core - XSS in accessible media selection field
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field...
GHSA-8F8Q-Q2J7-7J2M Undefined Behavior in mlflow
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...
Undefined Behavior in mlflow
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...
CVE-2024-3099
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...
CVE-2024-3099
CVE-2024-3099 affects mlflow/mlflow 2.11.1 and is caused by inadequate validation of model names, allowing URL-encoded names to be treated as distinct from their decoded counterparts. This enables an attacker to create multiple models with the same name, leading to DoS (an authenticated user may ...
CVE-2024-3099 Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service DoS as an authenticated user might not be able to use the intended model, as it will open a different model each time...
Open Redirect
silverstripe/framework library is vulnerable to Open Redirect. The vulnerability is due to inadequate validation of URLs, which allows attackers to craft malicious URLs that bypass redirection protections...
CVE-2024-5148
A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and...
SAP NetWeaver Application Server 代码问题漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A file upload vulnerability exists in SAP NetWeaver Application Server ABAP Platform, which stems from the application's lack of effective validation of uploaded files. The vulnerability can be exploited to remotely...
SQL Injection
librenms/librenms is vulnerable to SQL Injection. The vulnerability is due to inadequate validation of the order parameter sourced from the $request in the file apifunctions.inc.php where the parameter value is directly incorporated into an SQL statement and concatenated. This allows attackers to...
Open Redirect
org.keycloak, keycloak-services is vulnerable to Open Redirect. The vulnerability is due to inadequate validation of URLs included in redirects, potentially allowing attackers to access other URLs and sensitive information within the domain or conduct further attacks...
CVE-2024-1511 Path Traversal Vulnerability in parisneo/lollms-webui
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various...
CVE-2024-1511
CVE-2024-1511 affects parisneo/lollms-webui. Path traversal arises from inadequate validation of user-supplied file paths in multiple endpoints, enabling an unauthenticated attacker to read, write, and in some configurations execute arbitrary server files. Impact can occur even when the service r...
CVE-2024-1511 Path Traversal Vulnerability in parisneo/lollms-webui
The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various...
Cross Site Request Forgery (CSRF)
org.apache.zeppelin: zeppelin-web is vulnerable to Cross Site Request Forgery CSRF. The vulnerability is due to inadequate validation of requests, which allows an attacker to submit malicious requests via phishing...
Improper Array Index Validation
gtkwave is vulnerable to Improper Array Index Validation. The vulnerability is due to inadequate validation of array indices in the fstReaderIterBlocks2 tdelta functionality when signallens is 2 or more, allowing attackers to execute arbitrary code by crafting a specially crafted .fst file...