154 matches found
GHSA-JV2H-4P9V-WF5W ouroboros-ai: Incomplete fix of CVE-2026-47211: untrusted project .env can still reach RCE via omitted execution-routing keys
Impact The CVE-2026-47211 fix 0.39.0 added UNTRUSTEDENVDENYLIST to stop an untrusted project-directory .env from redirecting execution. The denylist was incomplete — several execution-routing keys of the same RCE class were omitted, so a malicious cloned repo can still reach arbitrary command...
CVE-2019-16236
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala...
MAL-2025-48691 Malicious code in hyatt-residential-roster (npm)
Package is malware. Collects and exfiltrates sensitive data to an external server. Suspicious install scripts execute the same script multiple times. The package communicates with a domain associated with malicious activity...
Malicious code in hyatt-residential-roster (npm)
Package is malware. Collects and exfiltrates sensitive data to an external server. Suspicious install scripts execute the same script multiple times. The package communicates with a domain associated with malicious activity...
EUVD-2004-2381
Malware in sbrugna...
EUVD-2016-2939
Malware in sbrugna...
EUVD-2016-10715
Malware in sbrugna...
EUVD-2015-8565
Malware in sbrugna...
EUVD-2021-13582
Malware in sbrugna...
EUVD-2019-7043
Malware in sbrugna...
EUVD-2006-6833
Malware in sbrugna...
CVE-2024-33850
Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting...
CVE-2024-51850
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bchristopeit WoW Guild Armory Roster guild-armory-roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through = 0.5.5...
CVE-2021-26795
A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management...
CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
Autolab 安全漏洞
Autolab is an open source course management service from Autolab. It supports automatically graded programming assignments. A security vulnerability exists in Autolab 3.0.2 and prior versions that stems from the ability of users to change their first or last name, which could lead to the disclosu...
PT-2024-35698 · Autolab · Autolab
Name of the Vulnerable Software and Affected Versions: Autolab affected versions not specified Description: Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When ...
CVE-2024-51850
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bchristopeit WoW Guild Armory Roster guild-armory-roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through = 0.5.5...
CVE-2024-51850 WordPress WoW Guild Armory Roster plugin <= 0.5.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bchristopeit WoW Guild Armory Roster guild-armory-roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through = 0.5.5...