895 matches found
mage-ai 安全漏洞
mage-ai is a modern replacement for Airflow in the Mage open source. A security vulnerability exists in mage-ai that stems from a path traversal vulnerability that allows a remote user with the Viewer role to leak arbitrary files from a Mage server via a Pipeline Interaction request...
CVE-2024-43011
An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary file...
ZZCMS 安全漏洞
ZZCMS is a content management system CMS by the ZZCMS team in China. Directory traversal vulnerability exists in ZZCMS 2023 and previous versions, the vulnerability stems from insufficient validation and filtering of user-input file paths, which can be exploited by an attacker to delete arbitrary...
WordPress plugin Element Pack Elementor Addons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-38101 · WordPress · Tainacan
Name of the Vulnerable Software and Affected Versions: Tainacan plugin for WordPress versions up to, and including, 0.21.7 Description: The issue is related to a missing capability check on the get file function, which is also vulnerable to directory traversal. This allows authenticated attackers...
Devika 路径遍历漏洞
Devika is an advanced AI software engineer open-sourced by stition. It can understand advanced human instructions, break them down into steps, study the relevant information, and write code to achieve a given goal. A security vulnerability exists in Devika v1. The vulnerability stems from...
PT-2024-6222
Name of the Vulnerable Software and Affected Versions libxml2 versions 2.11 through 2.11.8 libxml2 versions 2.12 through 2.12.8 libxml2 versions 2.13 through 2.13.2 Description The issue is related to the SAX parser in libxml2, which can produce events for external entities even if custom SAX...
PT-2024-37183 · Stitionai · Devika +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows an attacker to access sensitive files on the server by providing incorrect file names, which the agent attempts to correct, inadvertently revealing the content of t...
CVE-2024-36422
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the api/v1/chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craft a...
Flowise Security Vulnerabilities
Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3, which stems from the presence of a reflective cross-site scripting vulnerability that could allow an attacker to read arbitrary files from the server...
Flowise Security Vulnerabilities
Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3, which stems from the presence of a reflective cross-site scripting vulnerability that could allow an attacker to read arbitrary files from the server...
CVE-2023-49793 Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine o...
Apache Superset Input Validation Error Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset before 3.1.3, version 4.0.0, which originates from a vulnerability that could allow an authenticated attacker to create a...
CVE-2024-34684
On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...
CVE-2024-34684 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling)
On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...
CVE-2024-34684
CVE-2024-34684 affects SAP BusinessObjects Business Intelligence Platform (Scheduling) on Unix. An authenticated attacker with local administrator access can access the password of a local account, enabling retrieval of non-administrative credentials and allowing read/modify of remote server file...
CVE-2024-4888 Arbitrary File Deletion in BerriAI/litellm
BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...
CVE-2024-4888
BerriAI’s litellm (latest version) is affected by CVE-2024-4888 due to improper input validation on the /audio/transcriptions endpoint. The code uses os.remove(file.filename) to delete a file, allowing an attacker to delete arbitrary server files (e.g., SSH keys, SQLite databases, configuration f...
WordPress plugin Startklar Elementor Addons security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) of JetBrains TeamCity, related to errors in processing the relative path to the directory, allows a hacker to access arbitrary files from the server.
The vulnerability of the Continuous Integration and Application Delivery system CI/CD of TeamCity in JetBrains is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow a malicious actor to read arbitrary files from the server...