86 matches found
EUVD-2023-2938
Malicious code in bioql PyPI...
CVE-2025-49841
GPT-SoVITS-WebUI is affected by unsafe deserialization in process_ckpt.py. User input (sovits_path) is passed to torch.load in load_sovits_new, enabling arbitrary code execution. Affected versions: 20250228v3 and prior. At publication, no patched versions are available. No exploitation details ar...
Emerson ValveLink 输入验证错误漏洞
Emerson ValveLink is a suite of digital valve configuration and diagnostic software from Emerson Electric USA. An input validation error vulnerability exists in Emerson ValveLink that stems from failure to properly validate input data, which could lead to unsafe data handling...
CVE-2021-3262
TripSpark VEO Transportation-2.2.x-XPBB-20201123-184084 NovusEDU-2.2.x-XPBB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queri...
CVE-2017-1002157
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution...
CVE-2019-1296
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295...
CVE-2019-1295
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296...
Employee Record System current_employees.php file cross-site scripting vulnerability
Employee Record System is an employee record system. Employee Record System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters employeedid/firstname/middlename/lastname in the file...
Welcart e-Commerce 代码问题漏洞
Welcart e-Commerce is a free e-commerce plugin for WordPress from Welcart Japan. A code issue vulnerability exists in Welcart e-Commerce version 2.11.6 and earlier, which stems from untrustworthy data deserialization and could lead to the execution of arbitrary code by a remote, unauthenticated...
WordPress plugin Education LMS 跨站脚本漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Education LMS version 0.0.7 and previous versions exist cross-site scripting...
Deserialization Attack
MindsDB is vulnerable to Deserialization Attack. The vulnerability is due to unsafe deserialization of untrusted data, where the system fails to properly validate or sanitize the data before processing it, allowing malicious code to be executed when interacting with the deserialized model...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the use of sprintf leading to unsafe data handling...
CVE-2024-42479 llama.cpp allows write-what-where in rpc_server::set_tensor
llama.cpp provides LLM inference in C/C++. The unsafe data pointer member in the rpctensor structure can cause arbitrary address writing. This vulnerability is fixed in b3561...
CVE-2024-42478
CVE-2024-42478 concerns llama.cpp where an unsafe data pointer in the rpc_tensor structure can lead to arbitrary address reads. Several sources concur this is a code-level issue; the public CVE description states the vulnerability is fixed in b3561. Some connected advisories also advise upgrading...
PT-2024-29975 · Llama.Cpp · Llama.Cpp
Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b3561 Description: The issue is related to the rpc tensor structure in llama.cpp, which provides LLM inference in C/C++. The unsafe data pointer member can cause arbitrary address writing, potentially leading to...
BIT-MOODLE-2023-5547 Moodle: xss risk when previewing data in course upload tool
The course upload preview contained an XSS risk for users uploading unsafe data...
Moodle Cross-site Scripting vulnerability
The course upload preview contained an XSS risk for users uploading unsafe data...
GHSA-9GQP-3G28-W9XC Moodle Cross-site Scripting vulnerability
The course upload preview contained an XSS risk for users uploading unsafe data...
CVE-2023-5547
The course upload preview contained an XSS risk for users uploading unsafe data...
CVE-2023-5547
The course upload preview contained an XSS risk for users uploading unsafe data...