58 matches found
CVE-2026-3431
In SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...
CVE-2026-3431
In SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...
EUVD-2026-9172
In SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...
CVE-2026-3431
Summary (CVE-2026-3431): In SimStudio, versions below 0.5.74 have MongoDB tool endpoints that accept arbitrary connection parameters from unauthenticated callers with no host restrictions. An attacker could connect to any reachable MongoDB instance and perform unauthorized read, modification, or...
Sim Studio Security Vulnerability
Sim Studio is an open-source AI agent workflow builder developed by Sim Studio. Versions of Sim Studio prior to 0.5.74 contained security vulnerabilities. These vulnerabilities stemmed from MongoDB tool endpoints accepting arbitrary connection parameters, which could allow unauthorized access to...
EUVD-2020-6211
Malware in sbrugna...
EUVD-2009-4383
Malware in sbrugna...
EUVD-2013-2610
Malware in sbrugna...
EUVD-2023-35779
Malicious code in bioql PyPI...
EUVD-2022-47663
Malicious code in bioql PyPI...
EUVD-2024-24424
Malicious code in bioql PyPI...
BIT-JOOMLA-2024-27185 [20240802] - Core - Cache Poisoning in Pagination
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors...
CVE-2024-27185
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors...
CVE-2022-41347
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes...
CVE-2024-9407
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...
CVE-2024-9407
CVE-2024-9407 is a local-privilege vulnerability in the bind-propagation option of Dockerfile RUN --mount as implemented by buildah/podman. The root cause is improper input validation, allowing an attacker to pass arbitrary parameters to the mount operation and potentially mount host directories ...
CVE-2024-9407
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...
Google Go Input Validation Error Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google, Inc. An input validation error vulnerability exists in Google Go that stems from the system not properly validating input, which allows a user to pass arbitrary parameters to the...
CVE-2024-27185
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors...
CVE-2024-27185
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors...