External Control of System or Configuration Setting

Overview Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the found-action process. An attacker can execute arbitrary shell commands on the host system by sending specially crafted JSON data to the REST API server endpoint when it is...

Astra Linux - уязвимость в bind9

The code that processes control channel messages sent to named recursively calls certain functions during packet parsing. The recursion depth is limited only by the maximum acceptable packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack...

Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)

Summary ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes closeresults at line 438, but the second stage — which processes POST-body parameters dp — ...

sd-webui-infinite-image-browsing security vulnerability

sd-webui-infinite-image-browsing is an image browser by zanllp personal developer. A security vulnerability exists in versions prior to sd-webui-infinite-image-browsing 977815a, which stems from a vulnerability that allows a remote attacker to obtain local files if Gradio authentication is enable...