537 matches found

OSV
added 2024/01/29 3:15 p.m.

CVE-2023-6391

The Custom User CSS WordPress plugin through 0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 8.8 · AI score 5.8 · EPSS 0.00349
Exploits: 2 · References: 2
PyPA
added 2024/01/26 5:15 p.m.

PYSEC-2024-21

A vulnerability classified as critical was found in vanderSchaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the...

CVSS 8.8 · AI score 7.5 · EPSS 0.00668
Exploits: 0 · References: 4 · Affected software: 1
CNNVD
added 2024/01/22 12:00 a.m.

MetaGPT Security Vulnerabilities

MetaGPT is a multi-agent framework from MetaGPT, Inc. A security vulnerability exists in MetaGPT version 0.6.4 and earlier versions that allows a malicious attacker to execute arbitrary code...

CVSS 8.8 · AI score 7.3 · EPSS 0.0096
Exploits: 1 · References: 2
CNNVD
added 2024/01/19 12:00 a.m.

Jester Security Vulnerabilities

Jester is a web framework by Dominik Picheta, an individual developer in the UK. A security vulnerability exists in Jester v.0.6.0 and earlier versions that could allow a remote attacker to execute arbitrary code via a crafted request...

CVSS 9.8 · AI score 7.6 · EPSS 0.01017
Exploits: 1 · References: 4
CNNVD
added 2024/01/09 12:00 a.m.

Spreadsheet::ParseXLSX Security Vulnerability

Spreadsheet::ParseXLSX is an XLSX file parser. A security vulnerability exists in Spreadsheet::ParseXLSX prior to version 0.28, which stems from memoize not properly constraining merged cells, resulting in an out-of-memory condition when parsing XLSX documents...

CVSS 5.5 · AI score 6.8 · EPSS 0.00468
Exploits: 1 · References: 4
OSSF Malicious Packages
added 2023/12/11 10:24 a.m.

Malicious code in rechtspraak.huwelijksgoederenregister (npm)

Source: ossf-package-analysis 0cf3169f51f3ee6c09021cf60f11a4171fed6a0655488a89f8b916c949cbd03b. The OpenSSF Package Analysis project identified 'rechtspraak.huwelijksgoederenregister' @ 0.12.0 (npm) as malicious. It is considered malicious...

AI score 6.9
Exploits: 0
RedHat Linux
added 2023/11/07 8:48 a.m.

dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232

A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020...

CVSS 7.5 · AI score 5.7 · EPSS 0.01334
Exploits: 0 · References: 5
Positive Technologies
added 2023/10/31 12:00 a.m.

PT-2023-9005 · Artifex +2 · Jbig2Dec +2

Name of the Vulnerable Software and Affected Versions: Artifex Software jbig2dec version 0.20
Description: The issue is related to the incorrect initialization of a resource in the jbig2 error function of the jbig2.c file in the Jbig2dec decoder for the JBIG2 image compression format. This can be...

CVSS 7.8 · AI score 6.6 · EPSS 0.00753
Exploits: 1 · References: 16
RustSec
added 2023/10/14 12:00 p.m.

`MaybeUninit` misuse in `simd-json-derive`

An invalid use of `MaybeUninit::uninit().assume_init()` in simd-json-derive's derive macro can cause undefined behavior. The original code used `MaybeUninit` to avoid initialisation of the struct and then set the fields using `ptr::write`. The undefined behavior triggered by this misuse of `MaybeUninit` can...

AI score 7.2
Exploits: 0 · Affected software: 1
ATTACKERKB
added 2023/09/28 4:15 a.m.

CVE-2023-38873

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

CVSS 6.5 · AI score 5.8 · EPSS 0.00634
Exploits: 1 · References: 4
OSV
added 2023/09/17 2:15 a.m.

CVE-2023-5016

A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to...

CVSS 9.8 · AI score 5.3 · EPSS 0.00892
Exploits: 1 · References: 4
CNNVD
added 2023/08/28 12:00 a.m.

Meetup Tag Security Vulnerability

Meetup Tag is a MediaWiki extension. A security vulnerability exists in version 0.1 of the Meetup tag extension for MediaWiki, which stems from unknown handling in the component Link Attribute Handler and can be used to open web links to untrusted targets that retain access via window.opener...

CVSS 5.3 · AI score 5 · EPSS 0.00502
Exploits: 0 · References: 5
CNNVD
added 2023/08/15 12:00 a.m.

LlamaIndex Injection Vulnerability

LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. A security vulnerability exists in LlamaIndex version v.0.7.13, which can be exploited to execute arbitrary code via the exec parameter in the PandasQueryEngine function...

CVSS 9.8 · AI score 7.7 · EPSS 0.01233
Exploits: 1 · References: 2
OSV
added 2023/08/11 3:15 a.m.

CVE-2023-33867

Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.8 · AI score 6 · EPSS 0.00167
Exploits: 0 · References: 1
CNNVD
added 2023/08/11 12:00 a.m.

Open-Falcon dashboard security vulnerability

Dashboard is the unified default front-end component of the open source Open-Falcon project. A security vulnerability exists in Open-Falcon dashboard version 0.2.0, which originates from a flaw that allows an attacker to obtain, modify, and delete sensitive information by crafting the POST...

CVSS 9.8 · AI score 6.5 · EPSS 0.00842
Exploits: 1 · References: 2
Code423n4
added 2023/07/21 12:00 a.m.

sendToken() shouldn't have metadata parameter

Vulnerability details. Impact: Users calling sendToken with metadata may trigger a revert or lose the calldata if its size is 1-3 bytes when the destination is an EOA. Proof of Concept: In transmitSendToken, we discard the calldata if it's less than 4 bytes, and revert if it's bigger o...

AI score 6.9
Exploits: 0
CNNVD
added 2023/07/12 12:00 a.m.

Jenkins Plugin Pipeline restFul Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project; Jenkins Plugin is a software application. A security vulnerability...

CVSS 8.8 · AI score 8 · EPSS 0.0034
Exploits: 0 · References: 3
CNNVD
added 2023/07/11 12:00 a.m.

WebsiteGuide Code Issue Vulnerability

WebsiteGuide is a web site navigation system. A security vulnerability exists in WebsiteGuide v0.2 that stems from exposure to Remote Command Execution (RCE) attacks via image upload...

CVSS 9.8 · AI score 8.2 · EPSS 0.01301
Exploits: 1 · References: 2
ATTACKERKB
added 2023/07/06 2:15 p.m.

CVE-2023-36188

An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...

CVSS 9.8 · AI score 7.8 · EPSS 0.01566
Exploits: 2 · References: 3
CNNVD
added 2023/07/05 12:00 a.m.

GLPI Security Vulnerability

GLPI is open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that can be used to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS 6.5 · AI score 6.3 · EPSS 0.00472
Exploits: 0 · References: 3