137 matches found
DocsGPT 安全漏洞
DocsGPT is a cutting edge open source solution from Arc53 Open Source. It simplifies the process of finding information in project documentation. A security vulnerability exists in DocsGPT versions 0.8.1 through 0.12.0 that stems from improper parsing of JSON data using the eval function. An...
PT-2025-5828
Name of the Vulnerable Software and Affected Versions DocsGPT versions 0.8.1 through 0.12.0 Description A vulnerability has been found in DocsGPT that could result in Remote Code Execution RCE. Due to improper parsing of JSON data using eval, an unauthorized attacker could send arbitrary Python...
CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
PT-2024-35698 · Autolab · Autolab
Name of the Vulnerable Software and Affected Versions: Autolab affected versions not specified Description: Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When ...
BIT-GRAFANA-2023-5122 SSRF in CSV Datasource Plugin
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...
The configuration vulnerability of Enable Client Autoupdate for the Remote Access End Point Control service of the SonicWall EPC software, which enables remote access to SonicWall SMA 100 network devices, allows a perpetrator to execute arbitrary code.
The vulnerability of the Enable Client Autoupdate configuration of the Remote Access End Point Control service provided by SonicWall NetExtender for remote access to SonicWall SMA 100 network devices is related to improper code generation. Exploiting this vulnerability could allow an attacker...
Denial of service of Minder Server with attacker-controlled REST endpoint
The Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends...
CVE-2023-5122
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...
CVE-2023-5122
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...
Path traversal
The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a...
CVE-2023-5123 Improper Path Sanitization in JSON Datasource Plugin
The JSON datasource plugin https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate...
SSRF in CSV Datasource Plugin
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to a bare hos...
Improper Path Sanitization in JSON Datasource Plugin
Grafana is an open-source platform for monitoring and observability. The JSON datasource plugin is a Grafana Labs maintained plugin that allows for retrieving and processing JSON data from a remote endpoint including a specific sub-path configured by an administrator. Due to inadequate sanitizati...
Grafana Code Issue Vulnerability
Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana has a security vulnerability that stems from a CSV datasource plugin that...
CVE-2023-51734
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to th...
Input validation
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to th...
CVE-2023-51734
CVE-2023-51734 affects Skyworth Router CM5100, version 4.1.1.24. The issue originates from insufficient validation of the Identity parameter in the web interface’s Remote endpoint settings, enabling a remote attacker to supply crafted input that can trigger a stored XSS vulnerability. The availab...
CVE-2023-51734 Stored Cross Site Scripting Vulnerability in Skyworth Router
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to th...
CVE-2023-51734 Stored Cross Site Scripting Vulnerability in Skyworth Router
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to th...