Spring Tips: Vector Databases with Spring AI
Hi, Spring fans! In this installment, we look at the amazing support for vector databases in Spring AI...
Bentley Systems Bentley View Security Vulnerability
Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A security vulnerability exists in Bentley View that stems from a specific flaw in the parsing of SKP files, which can be exploited by an attacker to execute code in the context of the current process...
AnythingLLM Security Vulnerability
AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from the fact that an attacker can accept a single user invitation by sending multiple concurrent requests, thereby allowing the creation of multiple user accounts from a...
Insecure Cryptography
elixir is vulnerable to Insecure Cryptography. The vulnerability is due to Elixir's implementation of Blowfish in CFB mode without generating a unique initialization vector (IV) for each encryption operation, which allows context-dependent users to obtain sensitive information and decrypt the...
CVE-2023-44446
GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending...
When is One Vulnerability Scanner Not Enough?
Like antivirus software, vulnerability scans rely on a database of known weaknesses. That's why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn't existed in the vulnerability...
WordPress plugin FileOrganizer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-19734 · WordPress · The Fileorganizer – Manage Wordpress/Website Files
Name of the Vulnerable Software and Affected Versions: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.0.6 Description: The issue is related to Stored Cross-Site Scripting via svg file upload due to insufficient input sanitization and...
PT-2024-29185 · WordPress · Cost Calculator Builder
Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder plugin for WordPress versions up to, and including, 3.1.67 Description: The issue is related to Stored Cross-Site Scripting via the SVG upload feature due to insufficient input sanitization and output escaping. This...
UBUNTU-CVE-2024-33103
DISPUTED An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a...
WordPress Cost Calculator Builder Pro plugin <= 3.1.67 - Unauthenticated Cross-Site Scripting via SVG Upload vulnerability
Unauthenticated Cross-Site Scripting via SVG Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Cost Calculator Builder Pro versions <= 3.1.67...
openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC
A flaw was found in the POLY1305 MAC message authentication code implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate t...
kernel: arm64/sme: Set new vector length before reallocating
In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Set new vector length before reallocating. As part of fixing the allocation of the buffer for SVE state when changing SME vector length we introduced an immediate reallocation of the SVE state; this is also done when...
kernel: untrusted VMM can trigger int80 syscall handling
A flaw was found in the Linux kernel. A VMM can inject external interrupts on any arbitrary vector at any time, which may allow the guest OS to be manipulated from the VMM side...
edk2: Infinite loop when parsing unknown options in the Destination Options header
A security vulnerability involving an infinite loop was identified in EDK2, the open-source reference implementation of the UEFI specification. This weakness enables an unauthorized attacker to compromise system availability by sending a specifically crafted Destination Options IPv6 header...
DokuWiki Security Vulnerability
DokuWiki is an easy-to-use and versatile open source Wiki software. A security vulnerability exists in DokuWiki version 2024-02-06a, which stems from an arbitrary file upload vulnerability that allows an attacker to execute arbitrary code by uploading a crafted SVG file...
[SECURITY] Fedora 39 Update: python-reportlab-4.2.0-1.fc39
This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...
[SECURITY] Fedora 40 Update: python-reportlab-4.2.0-1.fc40
This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...
DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server
This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.apache.struts:struts2-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
The vulnerability in the JetBrains Toolbox tool set is related to uncontrolled resource consumption, allowing attackers to trigger service failures.
The vulnerability in the JetBrains Toolbox suite of tools is related to uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures using SVG images...