32 matches found
Incomplete List of Disallowed Inputs
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the server by bypassi...
Veeam ONE Upgrade Fails with "Win32 exception occurred while executing SQL script."
Challenge When upgrading Veeam ONE from version 12.3 to version 13, the following error occurs: Win32 exception occurred while executing SQL script. Error code: 0x80004004. Error details: The SELECT permission was denied on the object 'sysjobs', database 'msdb', schema 'dbo'. Cause This error...
CVE-2001-1514
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to 1 child processes created with and 2 child processes that call the CreateProcess function and are executed with or end with the CFX extension...
CVE-2023-29057
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”...
CVE-2019-16919
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper...
PT-2025-53445
Name of the Vulnerable Software and Affected Versions Nozomi Networks affected versions not specified Description Inadequate permission management exists for the camera guest account. The issue affects Industrial Control Systems ICS and OT/IoT security. The manufacturer has released a patch...
EUVD-2001-1491
Malware in sbrugna...
EUVD-2020-5499
Malware in sbrugna...
EUVD-2017-5930
Malware in sbrugna...
EUVD-2024-38203
Malicious code in bioql PyPI...
EUVD-2023-32660
Malicious code in bioql PyPI...
NATS Server may fail to authorize certain Jetstream admin APIs
Advisory The management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with ...
Harbor 授权问题漏洞
Harbor is an open source registry from Harbor Open Source. Artifacts are protected through policy and role-based access control, ensuring that images are scanned and free of vulnerabilities, and signing images as trusted. An authorization issue vulnerability exists in Harbor 2.4.2 and prior...
CVE-2024-39718
An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account...
CVE-2024-39718
CVE-2024-39718 is a vulnerability in Veeam Backup & Replication 12.x (notably affected builds include 12.1.2.172 and earlier) where a low-privileged user can remotely remove files with the service account’s permissions due to improper input validation. Connected sources confirm this CVE affects m...
PKP-WAL 3.4.0-3 Remote Code Execution Exploit
PKP Web Application Library PKP-WAL versions 3.4.0-3 and below, as used in Open Journal Systems OJS, Open Monograph Press OMP, and Open Preprint Systems OPS before versions 3.4.0-4 or 3.3.0-16, suffer from a NativeImportExportPlugin related remote code execution vulnerability...
Deleted account still has the right to create, delete other accounts (delete surveys)
Description An account that has been deleted still has the right to create, delete surveys other accounts Proof of Concept Video Poc https://drive.google.com/file/d/1kvNqK8tYvWDabLigI6dZsp4kpKKkrfIx/view?usp=sharing...
CVE-2023-4958
In Red Hat Advanced Cluster Security RHACS, it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptivel...
CVE-2023-29057
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”...
CVE-2023-29057
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”...