Lucene search
K

54 matches found

Cvelist
Cvelist
added 2024/06/28 7:27 p.m.202 views

CVE-2024-5827 Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS0.03452EPSS
Exploits0References1
CVE
CVE
added 2024/06/28 7:27 p.m.107 views

CVE-2024-5827

Vanna v0.3.4 is affected by an SQL injection in the DuckDB integration exposed through its Flask Web APIs. The vulnerability allows attackers to inject malicious SQL training data and craft queries that can write arbitrary files to the file system (e.g., backdoor.php with contents ), potentially ...

9.8CVSS10AI score0.03452EPSS
In wildExploits0References1
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.4 views

PT-2024-5388 · Duckdb +2 · Duckdb +2

Name of the Vulnerable Software and Affected Versions: Vanna version 0.3.4 Description: The issue is related to the Vanna framework's web interface, specifically with its integration of DuckDB and Flask Web APIs. It allows for SQL injection, enabling attackers to inject malicious SQL training dat...

9.8CVSS8.6AI score0.03452EPSS
Exploits0References5
NVD
NVD
added 2023/07/19 8:15 p.m.41 views

CVE-2023-37899

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = $ toString: '' which would cause the NodeJS process to crash when sending an unexpected Socket.io...

7.5CVSS7.5AI score0.00963EPSS
Exploits1References5
Prion
Prion
added 2023/07/19 8:15 p.m.23 views

Design/Logic Flaw

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = $ toString: '' which would cause the NodeJS process to crash when sending an unexpected Socket.io...

5CVSS7.5AI score0.00963EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/05/20 7:15 p.m.6 views

CVE-2023-33244

Obsidian before 1.2.2 allows calls to unintended APIs for microphone access, camera access, and desktop notification via an embedded web page...

8.2CVSS5.8AI score0.00474EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/08 12:0 a.m.6 views

PT-2023-1633 · Unknown · Mxsecurity

Name of the Vulnerable Software and Affected Versions: MXsecurity version 1.0 Description: The issue is related to hardcoded credentials in MXsecurity, which can be exploited to craft arbitrary JWT tokens and bypass authentication for web-based APIs. This allows a remote attacker to elevate their...

10CVSS8.1AI score0.00973EPSS
Exploits0References8
Debian
Debian
added 2022/07/22 12:10 p.m.44 views

[SECURITY] [DSA 5186-1] djangorestframework security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5186-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 22, 2022 https://www.debian.org/security/faq -...

6.1CVSS6.3AI score0.01286EPSS
Exploits0
Wallarm Lab
Wallarm Lab
added 2022/07/13 5:47 p.m.95 views

10 Years Journey into API Security Vulnerabilities with Ivan, the CEO of Wallarm

Ivan Novikov, CEO at Wallarm, is an API security expert, bug hunter, security researcher, and blackhat speaker with 24 years of experience in the cybersecurity field. He spent decades in this industry and witnessed exploits as well as growth. Read ahead to understand Ivan’s API Security journey a...

10CVSS0.99999EPSS
Exploits22
BDU FSTEC
BDU FSTEC
added 2022/01/10 12:0 a.m.6 views

The vulnerability of Google Chrome’s web APIs, related to the use of memory after it is freed, allows attackers to circumvent existing security restrictions by using a specially created HTML page.

The vulnerability of Google Chrome’s web APIs is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by using a specially created HTML page...

8.8CVSS7.6AI score0.00827EPSS
Exploits0References7Affected Software6
OSV
OSV
added 2020/12/18 9:15 p.m.3 views

CVE-2020-17520

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API...

6.5CVSS6.6AI score
Exploits0References1
Veracode
Veracode
added 2020/12/06 3:5 a.m.20 views

Improper Access Control

chromium is vulnerable to improper access control. The vulnerability exists due to insufficient protection of permission UI in WebAPKs in Google Chrome, allowing an attacker who convinced the user to install a malicious application to access web APIs via a crafted APK...

6.5CVSS5.3AI score0.01278EPSS
Exploits0References10Affected Software1
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.7 views

Aviatrix Systems Controller 代码问题漏洞

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An arbitrary file upload vulnerability exists in Aviatrix Controller versions prior to R6.0.2483. The vulnerability stems from several APIs that contain functionality that...

9.8CVSS7.7AI score0.01742EPSS
Exploits1References2
CNVD
CNVD
added 2020/06/22 12:0 a.m.3 views

Mattermost Desktop App Access Control Error Vulnerability

Mattermost Desktop App is a messaging desktop application from Mattermost USA. An Access Control Error vulnerability exists in Mattermost Desktop App versions prior to 4.4.0, which stems from the program's failure to properly handle the same-origin policy and can be exploited by an attacker to...

7.5CVSS6.8AI score0.00425EPSS
Exploits0References1
NVD
NVD
added 2020/06/19 2:15 p.m.26 views

CVE-2020-14456

An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...

7.5CVSS0.00425EPSS
Exploits0References1
OSV
OSV
added 2020/06/19 2:15 p.m.19 views

CVE-2020-14456

An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...

7.3CVSS6.9AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/06/19 1:12 p.m.29 views

CVE-2020-14456

An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...

7.2AI score0.00425EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/09/27 4:31 p.m.83 views

Roblox: Insecure redirect rule results in bypassing ban redirect on certain pages

Description Account bans on Roblox work via redirect rules. If an user attempts go to a page that's outside a whitelisted set of rules, they'll be redirected back to the ban page. After researching, I've found that the following rules are whitelisted and bypass this redirect: - Any URLs ending in...

6.8AI score
Exploits0
OSV
OSV
added 2019/02/19 5:29 p.m.2 views

DEBIAN-CVE-2019-5767

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK...

6.5CVSS6.8AI score0.01278EPSS
Exploits0References1
NVD
NVD
added 2019/02/19 5:29 p.m.17 views

CVE-2019-5767

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK...

6.5CVSS6.7AI score0.01278EPSS
Exploits0References7
Rows per page
Query Builder