Arbitrary Code Injection
Overview langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Arbitrary Code Injection via the PythonCodeTool component, due to a lack of validation. Remediation There is no fixed version for langflow. References - GitHub Issue Credi...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the file name. An attacker who can upload HEIC images is able to execute code on the remote server. Remediation Upgrade maestroerror/php-heic-to-jpg to version 1.0.5 or higher. References - GitHub Commit -...
Arbitrary Code Injection
Overview flair is a very simple framework for state-of-the-art NLP. Affected versions of this package are vulnerable to Arbitrary Code Injection through the function ClusteringModel of the file flair\models\clustering.py. An attacker can execute arbitrary code by manipulating the input data to...
CVE-2024-47196
CVE-2024-47196 affects Siemens Questa and ModelSim (ModelSim all versions before V2024.3; Questa all versions before V2024.3). The vulnerability arises from vsimk.exe loading a specific Tcl file from the current working directory, enabling an authenticated local attacker to inject arbitrary code and escalate ...
CVE-2024-47195
CVE-2024-47195 affects Siemens Questa and ModelSim (all versions prior to V2024.3). The issue is an Uncontrolled Search Path Element that allows a local attacker to load a crafted file from the current working directory, enabling arbitrary code execution and privilege escalation when gdb.exe is l...
CVE-2024-47195
A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the current working directory. This could allow an authenticated local attacker to inject arbitrary code and...
LLama cpp python binding < 0.2.88 Arbitrary Write Vulnerability
The version of llama-cpp-python (the llama.cpp Python binding) installed on the remote host is prior to 0.2.88. It is, therefore, affected by an arbitrary write vulnerability. This vulnerability was combined with a separate arbitrary address read vulnerability to achieve RCE, demonstrating its significant impact. No...
CVE-2024-8374 Arbitrary Code Injection in Cura
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...
Cisco Application Policy Infrastructure Controller Privilege Escalation (cisco-sa-capic-priv-esc-uYQJjnuU)
According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by a privilege escalation vulnerability that could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary co...
CVE-2024-44779
CVE-2024-44779 is a reflected cross-site scripting (XSS) vulnerability in the viewname parameter of the index page in vTiger CRM 7.4.0. The issue allows an attacker to execute arbitrary script in the context of a user's browser via a crafted payload. Affected product: vTiger CRM 7.4.0 (index page, ...
CVE-2024-20478
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
CVE-2024-20478 Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
CVE-2024-20478
Cisco APIC and Cisco Cloud Network Controller (formerly Cloud APIC) are affected by a vulnerability in the software upgrade component where insufficient signature validation of upgrade images could allow an authenticated administrator to install a modified image and achieve arbitrary code executi...
Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leadi...
Keras < 2.13 Arbitrary Code Injection
The version of Keras installed on the remote host is prior to 2.13. It is, therefore, affected by an arbitrary code injection vulnerability in TensorFlow's Keras framework (< 2.13) which allows attackers to execute arbitrary code with the same permissions as the application using a model that allow...
CVE-2024-39017
agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
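The entry above names the vulnerability class but not the mechanism. The following is an added example, not agreejs code: a generic recursive merge of the kind that is prone to prototype pollution, beside a hardened version that skips prototype-chain keys. The function names deepMergeUnsafe, deepMergeSafe and demonstrate, and the attacker-controlled JSON, are constructed for illustration and are not taken from the advisory.

```javascript
// Added example (hypothetical code, not agreejs's mergeInternalComponents):
// why a naive recursive merge pollutes Object.prototype, and one way to harden it.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: iterates every enumerable key, including an own "__proto__"
// property produced by JSON.parse. Reading target["__proto__"] on a plain
// object returns Object.prototype, so the recursion writes into it.
function deepMergeUnsafe(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      deepMergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse keys that reach the prototype chain, only descend into
// properties the target itself owns, and never follow inherited objects.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function deepMergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const ownExisting = Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      if (!ownExisting) target[key] = {};
      deepMergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker input, e.g. a JSON request body merged into a config object.
const MALICIOUS_JSON = '{"name":"cfg","__proto__":{"isAdmin":true}}';

// Merges the payload with the given function, then checks whether an unrelated
// object created afterwards inherited the injected property. Cleans up so the
// rest of the process is unaffected either way.
function demonstrate(mergeFn) {
  const config = {};
  mergeFn(config, JSON.parse(MALICIOUS_JSON));
  const victim = {};
  const leaked = victim.isAdmin === true;
  delete Object.prototype.isAdmin;
  return { name: config.name, leaked };
}

console.log('unsafe merge:', demonstrate(deepMergeUnsafe));
console.log('safe merge:  ', demonstrate(deepMergeSafe));
```

The unsafe merge reports leaked: true because every later `{}` now answers `isAdmin === true`, which is how a pollution primitive turns into an authorization bypass or, when a library later branches on an unexpected inherited property, a crash (the DoS case the entry mentions). The hardened merge keeps the legitimate `name` key and leaves Object.prototype untouched.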
CVE-2024-38396
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...
Arbitrary Code Injection
Overview ngx-extended-pdf-viewer is a powerful, full-featured PDF viewer for Angular applications. Whether you're building enterprise tools or internal utilities, this library gives you the control and customization options you need, all while preserving a native-like viewing experience. Built on...
SugarSync Code Issue Vulnerability
SugarSync is software from SugarSync that automates the access and sharing of photos, videos, and files in any folder. A code issue vulnerability exists in SugarSync versions prior to 4.1.3; it stems from a local privilege escalation that allows unauthorized local users to inject arbitrary code...