190 matches found
UBUNTU-CVE-2024-11003
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...
CVE-2024-10491
A flaw was found in the Express Node.js framework. In certain versions, an attacker may be able to trigger an arbitrary resource injection attack via the link header when unsanitized data is used...
Express ressource injection
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...
GHSA-CM5G-3PGC-8RG4 Express ressource injection
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...
CVE-2024-10491
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...
CVE-2024-10491
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...
DEBIAN-CVE-2024-10491
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...
UBUNTU-CVE-2024-10491
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...
CVE-2024-10491 Preload arbitrary resources by injecting additional `Link` headers
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...
CVE-2024-10491
The CVE-2024-10491 entry concerns the Express framework: the response.links function mishandles sanitization of Link header values, enabling arbitrary resource injection via certain characters (e.g., , ; ). Public-connected docs (GHSA, OSV, Debian OSV entries) reiterate the same issue and describ...
CVE-2024-10491
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...
CVE-2024-10491 Preload arbitrary resources by injecting additional `Link` headers
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...
PT-2024-16314 · Express +1 · Express +1
Name of the Vulnerable Software and Affected Versions: Express affected versions not specified Description: A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from...
CVE-2024-6847
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot...
go-retryablehttp: url might write sensitive information to log file
A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...
WordPress plugin Chatbot for WordPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-28624 · Unknown · Bert-Vits2
Name of the Vulnerable Software and Affected Versions: Bert-VITS2 versions 2.3 and earlier Description: The issue arises from user input being directly used in a command executed with subprocess.runcmd, shell=True in the resample function, leading to arbitrary command execution. This is due to th...
UBUNTU-CVE-2024-31444
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerulesformsave function in automationtreerules.php is not thoroughly checked and is used to concatenate the HTML statement in formconfirm function from...
CVE-2023-28952
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463...
CVE-2024-31212 SQL injection in index_chart_data action
InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in indexchartdata action, which receive...