EUVD-2019-10463

Malware in sbrugna...

EUVD-2023-30274

Malicious code in bioql PyPI...

GHSA-H42X-XX2Q-6V6G Flowise Pre-auth Arbitrary File Upload

Summary An unauthorized attacker can leverage the whitelisted route /api/v1/attachments to upload arbitrary files when the storageType is set to local default. Details When a new request arrives, the system first checks if the URL starts with /api/v1/. If it does, the system then verifies whether...

CVE-2023-26453

CVE-2023-26453 affects the Open-Xchange App Suite imageconverter service. The vulnerability allows SQL injection by crafting requests to cache an image, with arbitrary SQL statements executed in the context of the service database user. Exploitation requires access to adjacent networks of the ima...

CVE-2023-20259

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for devic...

CVE-2021-1385

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the devic...

Cisco SD-WAN vManage Software Arbitrary File Creation (cisco-sa-vmanage-file-Y2JSRNRb)

According to its self-reported version, Cisco SD-WAN vManage is affected by an arbitrary file creation vulnerability due to improper validation of requests to APIs. An authenticated, remote attacker can exploit this, by sending malicious requests to an API in the affected system, to conduct...