537 matches found
CVE-2023-6391
The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
PYSEC-2024-21
A vulnerability classified as critical was found in vanderSchaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the...
MetaGPT Security Vulnerabilities
MetaGPT is a multi-agent framework from MetaGPT, Inc. A security vulnerability exists in MetaGPT version 0.6.4 and prior versions, which stems from a vulnerability that allows a malicious attacker to execute arbitrary code...
Jester Security Vulnerabilities
Jester is a web framework by Dominik Picheta, an individual developer in the UK. A security vulnerability exists in Jester v.0.6.0 and earlier versions that could allow a remote attacker to execute arbitrary code via a crafted request...
Spreadsheet::ParseXLSX Security Vulnerability
Spreadsheet::ParseXLSX is an XLSX file parser. A security vulnerability exists in Spreadsheet::ParseXLSX prior to version 0.28, which stems from memoize not properly constraining merged cells, resulting in an out-of-memory condition when parsing XLSX documents...
Malicious code in rechtspraak.huwelijksgoederenregister (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0cf3169f51f3ee6c09021cf60f11a4171fed6a0655488a89f8b916c949cbd03b The OpenSSF Package Analysis project identified 'rechtspraak.huwelijksgoederenregister' @ 0.12.0 npm as malicious. It is considered malicious...
dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232
A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020...
PT-2023-9005 · Artifex +2 · Jbig2Dec +2
Name of the Vulnerable Software and Affected Versions: Artifex Software jbig2dec version 0.20 Description: The issue is related to the incorrect initialization of a resource in the jbig2 error function of the jbig2.c file in the Jbig2dec decoder for the JBIG2 image compression format. This can be...
`MaybeUninit` misuse in `simd-json-derive`
An invalid use of MaybeUninit::uninit.assumeinit in simd-json-derive's derive macro can cause undefined behavior. The original code used MaybeUninit to avoid initialisation of the struct and then set the fields using ptr::write. The undefined behavior triggered by this misuse of MaybeUninit can...
CVE-2023-38873
The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...
CVE-2023-5016
A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to...
Meetup Tag 安全漏洞
Meetup Tag is a MediaWiki plugin. A security vulnerability exists in version 0.1 of the Meetup tag extension for mediawiki, which stems from some unknown handling in the component ink Attribute Handler, which can be used to access web links to untrusted targets via window.opener...
LlamaIndex Injection Vulnerability
LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. A security vulnerability exists in LlamaIndex version v.0.7.13, which can be exploited to execute arbitrary code via the exec parameter in the PandasQueryEngine function...
CVE-2023-33867
Improper buffer restrictions in some IntelR RealSenseTM ID software for IntelR RealSenseTM 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
Open-Falcon dashboard security vulnerability
dashboard is Open-Falcon open source an Open Falcon unified default front-end component. A security vulnerability exists in Open-Falcon dashboard version 0.2.0, which originated from a vulnerability that allows an attacker to obtain, modify, and delete sensitive information by designing the POST...
sendToken() shouldn't have metadata parameter
Lines of code Vulnerability details Impact Users calling sendToken with metadata may trigger a revert or lose the calldata if its size is 1-3 bytes when the destination is an EOA. Proof of Concept In transmitSendToken, we discard the calldata if it's less than 4 bytes, and revert if it's bigger o...
Jenkins Plugin Pipeline restFul 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
WebsiteGuide 代码问题漏洞
WebsiteGuide is a web site navigation system. A security vulnerability exists in WebsiteGuide v0.2 that stems from vulnerability to Remote Command Execution RCE attacks via image upload...
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...
GLPI 安全漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...