385 matches found
CVE-2025-26796 Apache Oozie: XSS in Oozie Web Console
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended t...
AZL-58844 CVE-2024-40635 affecting package moby-containerd for versions less than 1.6.26-11
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...
CVE-2025-27407
A flaw was found in graphql-ruby. In affected versions of graphq-ruby, loading a malicious schema definition in the GraphQL::Schema.fromintrospection or the GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...
CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary files. The attacker must have network access to the management interface web, SSH, console, or telnet and successfully authenticate to exploit this issue. You can greatly...
CVE-2024-49795
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2024-21642
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...
IBM Security Verify Access 跨站请求伪造漏洞
IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...
CVE-2023-38739
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
IBM Sterling B2B Integrator 跨站请求伪造漏洞
IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...
CVE-2024-49375
CVE-2024-49375 affects Rasa (Open Source and Pro). Remote Code Execution is possible when a malicious model is loaded into a Rasa instance via the HTTP API, with API enabled (--enable-api) and depending on authentication configuration. Unauthenticated RCE requires no auth and is more severe; auth...
GHSA-9PP6-WQ8C-3W2C Gogs allows argument injection during the previewing of changes
Impact Unprivileged user accounts can write to arbitrary files on the filesystem. We could demonstrate its exploitation to force a re-installation of the instance, granting administrator rights. It allows accessing and altering any user's code hosted on the same instance. Patches Unintended Git...
Gogs allows argument injection during the previewing of changes
Impact Unprivileged user accounts can write to arbitrary files on the filesystem. We could demonstrate its exploitation to force a re-installation of the instance, granting administrator rights. It allows accessing and altering any user's code hosted on the same instance. Patches Unintended Git...
GHSA-CCQV-43VM-4F3W Gogs allows deletion of internal files
Impact Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUNUSER in the configuration. It allows attackers to access and alter any users' code hosted on the same instance. Patches Deletion of .git files has been prohibit...
GHSA-R7J8-5H9C-F6FX Remote Command Execution in file editing in gogs
Impact The malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. Patches Editing symlink while changing the file name has been prohibited via the repository web editor https://github.com/gogs/gogs/pull/7857. Users should upgrade to 0.13...
Remote Command Execution in file editing in gogs
Impact The malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. Patches Editing symlink while changing the file name has been prohibited via the repository web editor https://github.com/gogs/gogs/pull/7857. Users should upgrade to 0.13...
D-Tale allows Remote Code Execution through the Custom Filter Input
Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability for users to update the enablecustomfilters flag. You can fi...
CVE-2024-55890
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...
CVE-2024-55890 D-Tale allows Remote Code Execution through the Custom Filter Input
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...
CVE-2024-55890
D‑Tale (Python package for Visualizing Pandas objects) prior to v3.16.1 is vulnerable to remote code execution when hosted publicly. The issue stems from the update-settings endpoint allowing an attacker to modify the enable_custom_filters flag, enabling arbitrary code execution on the server. Th...
CVE-2024-55890 D-Tale allows Remote Code Execution through the Custom Filter Input
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...