
6775 matches found

OSV
added 2024/10/15 2:08 p.m. · 5 views

GHSA-F8X4-F32R-W556 Duplicate Advisory: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6jgw-rgmm-7cv6. This link is maintained to preserve external references. Original Advisory: The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the we...

4.8 CVSS · 6.8 AI score
Exploits 0 · References 3
Patchstack
added 2024/10/15 1:02 p.m. · 4 views

WordPress UltimateAI plugin <= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check vulnerability

Limited User Password Change due to Improper Empty and Missing Default Value Check vulnerability discovered by István Márton in WordPress Plugin UltimateAI versions <= 2.8.3...

5.6 CVSS · 7 AI score · 0.00322 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/10/15 12:00 a.m. · 2 views

WordPress plugin Kama SpamBlock cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.1 CVSS · 6 AI score · 0.00355 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/10/15 12:00 a.m. · 3 views

PT-2024-40267 · Pypi · Pyo3

Name of the Vulnerable Software and Affected Versions: PyO3 versions prior to 0.23. Description: The issue concerns a family of functions in PyO3 that read "borrowed" values from Python weak references. These functions were fundamentally unsound because the weak reference does not have ownership o...

4.8 CVSS · 7.1 AI score
Exploits 0 · References 4
OSV
added 2024/10/11 3:30 p.m. · 12 views

GHSA-57QH-VMJR-5JXG Snipe-IT remote code execution

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

8.6 CVSS · 7 AI score · 0.00962 EPSS
Exploits 1 · References 5
GitHub Security Blog
added 2024/10/11 3:30 p.m. · 24 views

Snipe-IT remote code execution

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

6.6 CVSS · 7.8 AI score · 0.00962 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2024/10/11 1:15 p.m. · 10 views

CVE-2024-48987

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

6.6 CVSS · 7.7 AI score
Exploits 0 · References 2
Vulnrichment
added 2024/10/11 12:00 a.m. · 17 views

CVE-2024-48987

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

7.8 AI score · 0.00962 EPSS
Exploits 1 · References 2
Cvelist
added 2024/10/11 12:00 a.m. · 27 views

CVE-2024-48987

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

0.00962 EPSS
Exploits 1 · References 2
Cvelist
added 2024/10/10 10:16 p.m. · 23 views

CVE-2024-47869 Non-constant-time comparison when comparing hashes in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...

2.3 CVSS · 0.00285 EPSS
Exploits 0 · References 1
OSV
added 2024/10/10 10:11 p.m. · 11 views

GHSA-26JH-R8G2-6FPR Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the `allow_custom_value` parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...

6.9 CVSS · 7.4 AI score
Exploits 0 · References 2
Snyk
added 2024/10/10 10:11 p.m. · 3 views

Improper Input Validation

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Improper Input Validation through the Dropdown component's pre-processing step. An attacker can manipulate input data by sending custom requests with...

6.9 CVSS · 7 AI score
Exploits 0 · References 2
OSV
added 2024/10/10 10:03 p.m. · 9 views

GHSA-J757-PF57-F8R4 Gradio performs a non-constant-time comparison when comparing hashes

Impact: What kind of vulnerability is it? Who is impacted? This vulnerability involves a timing attack in the way Gradio compares hashes for the `analytics_dashboard` function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of differen...

6.3 CVSS · 3.8 AI score · 0.00285 EPSS
Exploits 0 · References 4
OSV
added 2024/10/10 5:24 p.m. · 3 views

CLSA-2024-1728581056 python3: Fix of 2 CVEs

- CVE-2024-6232: remove backtracking when parsing tarfile headers
- CVE-2024-7592: fix quadratic complexity in parsing '-quoted' cookie values with backslashes...

7.5 CVSS · 5.7 AI score · 0.02303 EPSS
Exploits 3 · References 1
OSV
added 2024/10/10 5:16 p.m. · 5 views

CLSA-2024-1728580597 python3: Fix of 2 CVEs

- CVE-2024-6232: remove backtracking when parsing tarfile headers
- CVE-2024-7592: fix quadratic complexity in parsing '-quoted' cookie values with backslashes...

7.5 CVSS · 5.7 AI score · 0.02303 EPSS
Exploits 3 · References 1
CNNVD
added 2024/10/10 12:00 a.m. · 3 views

Gradio security vulnerability

Gradio, an open source Python library open-sourced by Hugging Face, is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a security vulnerability that stems from the fact that comparisons are not done in constant time, which can be exploited by an...

3.7 CVSS · 6.4 AI score · 0.00285 EPSS
Exploits 0 · References 2
OSV
added 2024/10/08 10:21 p.m. · 2 views

GHSA-9722-9J67-VJCR Improper Authorization in Select Permissions

Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios:
- When performing a SELECT operation on a table...

7.1 CVSS · 6.8 AI score
Exploits 0 · References 13
Positive Technologies
added 2024/10/08 12:00 a.m. · 2 views

PT-2024-39748 · Red Hat · Keycloak Server

Name of the Vulnerable Software and Affected Versions: Keycloak Server, affected versions not specified. Description: A denial of service (DoS) attack is possible due to improper handling of proxy headers in the Keycloak Server. When configured to accept incoming proxy headers, Keycloak may accept...

4.7 CVSS · 6.7 AI score · 0.00399 EPSS
Exploits 0 · References 13
Snyk
added 2024/10/07 2:55 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to invalid values that contain a specific set of characters. Note: This is only vulnerable if a user opens a page on which a paragraph widget is rendered. Details: Cross-site scripting, or XSS, is a code...

6.1 CVSS · 5.3 AI score · 0.00363 EPSS
Exploits 0 · References 2
Veracode
added 2024/10/06 4:59 p.m. · 7 views

Information Exposure Through An Error Message

org.jenkins-ci.main:jenkins-core is vulnerable to Information Exposure Through an Error Message. The vulnerability is due to improper redaction of multi-line secret values in error messages generated from form submissions involving the secretTextarea form field...

4.3 CVSS · 4.5 AI score · 0.0084 EPSS
Exploits 0 · References 2 · Affected Software 1