Lucene search
K

189 matches found

Vulnrichment
Vulnrichment
added 2024/05/31 2:24 p.m.17 views

CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

8.1CVSS8AI score0.14956EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/31 2:24 p.m.96 views

CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE

The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

8.1CVSS8.6AI score0.14956EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.5 views

PT-2024-36568

Name of the Vulnerable Software and Affected Versions Vanna library affected versions not specified Description The Vanna library is affected by a remote code execution issue due to prompt injection. This allows an attacker to alter the prompt function used for visualized results and run arbitrar...

9.2CVSS8.9AI score0.14956EPSS
Exploits0References20
OSV
OSV
added 2024/02/06 5:15 p.m.3 views

CVE-2024-1252

A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/askduty/delete.php. The manipulation of the argument ASKDUTYID leads to sql injection. The exploit has been disclosed to...

9.8CVSS5.5AI score0.00651EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.9 views

PT-2024-17638 · Unknown · Tongda Oa 2017

Name of the Vulnerable Software and Affected Versions: Tongda OA 2017 versions up to 11.9 Description: A critical vulnerability was found in Tongda OA 2017. The issue affects an unknown functionality of the file /general/attendance/manage/ask duty/delete.php. The manipulation of the ASK DUTY ID...

9.8CVSS6.4AI score0.00651EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2024/01/25 12:0 a.m.4 views

The vulnerability of the “Ask to Buy” function in operating systems such as macOS, iOS, and iPadOS allows a hacker to disclose protected information.

The vulnerability of the “Ask to Buy” function in operating systems such as macOS, iOS, and iPadOS is related to lack of access control. Exploiting this vulnerability can allow a hacker to disclose protected information...

3.3CVSS5.4AI score0.00209EPSS
Exploits0References7Affected Software3
ATTACKERKB
ATTACKERKB
added 2023/12/10 7:15 p.m.4 views

CVE-2022-48614

Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS...

6.1CVSS6.1AI score0.00422EPSS
Exploits0References3
OSV
OSV
added 2023/12/10 7:15 p.m.2 views

UBUNTU-CVE-2022-48614

Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS...

6.1CVSS6.4AI score0.00422EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/12/10 12:0 a.m.5 views

PT-2023-15881 · Unknown · Semantic Mediawiki

Name of the Vulnerable Software and Affected Versions: Semantic MediaWiki versions prior to 4.0.2 Description: The issue allows for Reflected XSS in Special:Ask. Recommendations: For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue...

6.1CVSS5.9AI score0.00422EPSS
Exploits0References14
Openbugbounty
Openbugbounty
added 2023/11/25 11:18 p.m.8 views

ask-de.com Improper Access Control vulnerability OBB-3793325

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/09/21 12:0 a.m.1 views

PT-2023-8421 · Apple · Ios +2

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.7 macOS versions prior to 13.6 macOS versions prior to 14 iOS versions prior to 16.7 iOS versions prior to 17 iPadOS versions prior to 16.7 iPadOS versions prior to 17 Description: The issue is related to insufficie...

3.3CVSS3.2AI score0.00209EPSS
Exploits0References13
Apple
Apple
added 2023/09/21 12:0 a.m.67 views

About the security content of iOS 16.7 and iPadOS 16.7

About the security content of iOS 16.7 and iPadOS 16.7 This document describes the security content of iOS 16.7 and iPadOS 16.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

8.8CVSS9.3AI score0.29179EPSS
Exploits3References1Affected Software2
Apple
Apple
added 2023/09/21 12:0 a.m.59 views

About the security content of macOS Monterey 12.7

About the security content of macOS Monterey 12.7 This document describes the security content of macOS Monterey 12.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...

7.8CVSS7.6AI score0.02918EPSS
Exploits0References1Affected Software1
Apple
Apple
added 2023/09/21 12:0 a.m.69 views

About the security content of macOS Ventura 13.6

About the security content of macOS Ventura 13.6 This document describes the security content of macOS Ventura 13.6. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases...

7.8CVSS7.9AI score0.04547EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.4 views

SUSE CVE-2006-6169

Heap-based buffer overflow in the askoutfilename function in openfile.c for GnuPG gpg 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the makeprintablestring function to return a longer string than...

6.8CVSS8.3AI score0.03174EPSS
Exploits0References4
CNVD
CNVD
added 2022/11/23 12:0 a.m.31 views

WordPress Ask Me plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.7CVSS4.7AI score0.00355EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/11/21 12:0 a.m.8 views

CVE-2022-3750 Ask Me < 6.8.7 - Post Deletion via CSRF

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation...

6.9AI score0.00355EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.5 views

WordPress plugin Ask Me 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.7CVSS6.7AI score0.00355EPSS
Exploits1References2
Patchstack
Patchstack
added 2022/10/28 12:0 a.m.25 views

WordPress Ask Me premium theme < 6.8.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Post Deletion discovered by Srijan Adhikari in WordPress Ask Me premium theme versions 6.8.7. Solution Update the WordPress Ask Me theme to the latest available version at least 6.8.7...

4.7CVSS3.1AI score0.00355EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/22 3:15 p.m.6 views

CVE-2022-1251

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request...

4.3CVSS5.5AI score0.00345EPSS
Exploits1References2
Rows per page
Query Builder