Lucene search

8 matches found

CNNVD
added 2026/03/19 12:0 a.m. | 4 views

Devome GRR security vulnerability

Devome GRR is a data collection and analysis platform for forensic analysis and incident response developed by the French company Devome. Version 4.5.0 of Devome GRR contains a security vulnerability. This vulnerability stems from insufficient validation of the referer and user-agent parameters i...

CVSS 8.8 | AI score 5.9 | EPSS 0.00259
Exploits: 0 | References: 2
OSV
added 2026/03/16 2:18 p.m. | 1 views

CVE-2026-25783

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly validate User-Agent header tokens which allows an authenticated attacker to cause a request panic via a specially crafted User-Agent header. Mattermost Advisory ID: MMSA-2026-00586...

CVSS 4.3 | AI score 5.9
Exploits: 0 | References: 1
CVE
added 2026/03/10 5:24 p.m. | 8 views

CVE-2026-30968

Summary: Coral Server’s SSE endpoint (/sse/v1/...) did not strongly validate that a connecting agent was a legitimate session participant before version 1.1.0, potentially allowing unauthorized message injection or observation. Affected versions: prior to 1.1.0. Impact: stated as possible confide...

CVSS 9.8 | AI score 5.8 | EPSS 0.00345
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2025/12/13 7:56 a.m. | 7 views

Arbitrary Code Injection

Ray is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient validation of the User-Agent header combined with lack of protection against DNS rebinding attacks, which allows an attacker to execute arbitrary code on a developer’s system via a malicious website or...

CVSS 9.4 | AI score 7.1 | EPSS 0.00355
Exploits: 0 | References: 9 | Affected Software: 1
Snyk
added 2025/11/26 10:44 p.m. | 4 views

Arbitrary Code Injection

Overview: ray is an A system for parallel and distributed Python that unifies the ML ecosystem. Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation of the User-Agent header in browser requests. An attacker can execute arbitrary code on the host...

CVSS 9.6 | AI score 7.9 | EPSS 0.00355
Exploits: 0 | References: 2
CNNVD
added 2022/03/25 12:0 a.m. | 5 views

Cloud Foundry resource management error vulnerability

Cloud Foundry is a suite of open source Platform-as-a-Service (PaaS) cloud computing platforms from the U.S.-based Cloud Foundry Foundation. The product provides features such as container scheduling, continuous delivery, and automated service deployment. A security vulnerability exists in cloud...

CVSS 5.3 | AI score 5.8 | EPSS 0.0088
Exploits: 0 | References: 2
Ubuntu
added 2022/02/14 3:13 p.m. | 123 views

USN-5284-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, or execute arbitrary code. CVE-2022-0511,...

CVSS 9.6 | AI score 8 | EPSS 0.00919
Exploits: 1
WPVulnDB
added 2021/05/26 12:0 a.m. | 28 views

Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The plugin is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel. PoC $ curl -i http://localhost:10008/ --user-agent "alert1...

CVSS 6.1 | AI score 0.4 | EPSS 0.01303
Exploits: 2 | Affected Software: 1