189 matches found
CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...
CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...
PT-2024-36568
Name of the Vulnerable Software and Affected Versions Vanna library affected versions not specified Description The Vanna library is affected by a remote code execution issue due to prompt injection. This allows an attacker to alter the prompt function used for visualized results and run arbitrar...
CVE-2024-1252
A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/askduty/delete.php. The manipulation of the argument ASKDUTYID leads to sql injection. The exploit has been disclosed to...
PT-2024-17638 · Unknown · Tongda Oa 2017
Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions up to 11.9 Description: A critical vulnerability was found in Tongda OA 2017. The issue affects an unknown functionality of the file /general/attendance/manage/ask duty/delete.php. The manipulation of the ASK DUTY ID...
The vulnerability of the “Ask to Buy” function in operating systems such as macOS, iOS, and iPadOS allows a hacker to disclose protected information.
The vulnerability of the “Ask to Buy” function in operating systems such as macOS, iOS, and iPadOS is related to lack of access control. Exploiting this vulnerability can allow a hacker to disclose protected information...
CVE-2022-48614
Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS...
UBUNTU-CVE-2022-48614
Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS...
PT-2023-15881 · Unknown · Semantic Mediawiki
Name of the Vulnerable Software and Affected Versions: Semantic MediaWiki versions prior to 4.0.2 Description: The issue allows for Reflected XSS in Special:Ask. Recommendations: For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue...
ask-de.com Improper Access Control vulnerability OBB-3793325
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-8421 · Apple · Ios +2
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.7 macOS versions prior to 13.6 macOS versions prior to 14 iOS versions prior to 16.7 iOS versions prior to 17 iPadOS versions prior to 16.7 iPadOS versions prior to 17 Description: The issue is related to insufficie...
About the security content of iOS 16.7 and iPadOS 16.7
About the security content of iOS 16.7 and iPadOS 16.7 This document describes the security content of iOS 16.7 and iPadOS 16.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...
About the security content of macOS Monterey 12.7
About the security content of macOS Monterey 12.7 This document describes the security content of macOS Monterey 12.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...
About the security content of macOS Ventura 13.6
About the security content of macOS Ventura 13.6 This document describes the security content of macOS Ventura 13.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...
SUSE CVE-2006-6169
Heap-based buffer overflow in the askoutfilename function in openfile.c for GnuPG gpg 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the makeprintablestring function to return a longer string than...
WordPress Ask Me plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-3750 Ask Me < 6.8.7 - Post Deletion via CSRF
The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation...
WordPress plugin Ask Me 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress Ask Me premium theme < 6.8.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Post Deletion discovered by Srijan Adhikari in WordPress Ask Me premium theme versions 6.8.7. Solution Update the WordPress Ask Me theme to the latest available version at least 6.8.7...
CVE-2022-1251
The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request...