
9 matches found

CNNVD
added 2026/05/20 12:0 a.m., 7 views

Trilium Notes cross-site scripting vulnerability

Trilium Notes is a hierarchical note-taking application developed by Zadam, an individual developer. It focuses on building large-scale personal knowledge bases. Versions of Trilium Notes prior to 0.102.1 contain a cross-site scripting vulnerability. This vulnerability stems from deficiencies such as...

6.8 CVSS, 6.3 AI score, 0.00126 EPSS
Exploits 0, References 1
CNNVD
added 2026/04/23 12:0 a.m., 5 views

Flowise code injection vulnerability

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was a code injection vulnerability. This vulnerability stemmed from the CSVAgent component, which allowed the provision of custom Pandas CSV reading code. Lack of...

9.4 CVSS, 5.9 AI score, 0.00422 EPSS
Exploits 1, References 1
CNNVD
added 2025/11/18 12:0 a.m., 3 views

WordPress plugin VK All in One Expansion Unit security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

6.4 CVSS, 5.7 AI score, 0.00063 EPSS
Exploits 0, References 5
CNNVD
added 2024/07/04 12:0 a.m., 3 views

Deep Lake security vulnerability

Deep Lake is an AI database open-sourced by Activeloop. Its storage format is optimized for deep learning applications. A security vulnerability exists in Deep Lake version 3.9.10, which stems from a lack of input sanitization, leading to command injection when extracting remote Kaggle datasets...

8.1 CVSS, 7.5 AI score, 0.00263 EPSS
Exploits 0, References 3
BDU FSTEC
added 2024/05/13 12:0 a.m., 0 views

A vulnerability in the Xenstore information store of the Xen hypervisor allows attackers to gain unauthorized access to protected information, escalate their privileges, or cause service failures.

The vulnerability in the Xenstore information storage system of the Xen hypervisor is related to incomplete cleanup of temporary or auxiliary resources. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information, escalate their privileges, or cause service...

7 CVSS, 0.00048 EPSS
Exploits 0, References 11, Affected Software 4
BDU FSTEC
added 2023/12/14 12:0 a.m., 1 views

A vulnerability in the ASUSTOR Data Master operating system, related to a lack of data sanitization at the management level, allows an attacker to execute arbitrary commands.

The vulnerability in the ASUSTOR Data Master operating system is related to a lack of data sanitization at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9 CVSS, 0.00524 EPSS
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2023/10/15 12:0 a.m., 1 views

A vulnerability in the Commons FileUpload component of the Apache Tomcat application server, caused by incomplete cleanup of temporary or auxiliary resources, allows attackers to cause service failures.

The vulnerability in the Commons FileUpload component of the Apache Tomcat application server exists due to incomplete cleanup of temporary or auxiliary resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8 CVSS, 0.00325 EPSS
Exploits 0, References 8, Affected Software 6
BDU FSTEC
added 2023/06/02 12:0 a.m., 1 views

A vulnerability in the bs_SetLimitCli_info function in the /lib/libshare-0.0.26.so library of the LB-LINK router software allows an attacker to gain full access to the device.

The vulnerability in the bs_SetLimitCli_info function in the /lib/libshare-0.0.26.so file of the LB-LINK router software is related to a lack of data sanitization at the management level. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full...

10 CVSS, 0.49843 EPSS
Exploits 1, References 3, Affected Software 4
BDU FSTEC
added 2021/08/25 12:0 a.m., 1 views

A vulnerability in the Magento Commerce software platform for developing and managing online stores stems from a lack of data sanitization at the management level. This allows attackers to execute arbitrary code.

The vulnerability in the Magento Commerce software platform for developing and managing online stores is related to a lack of data sanitization at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS, 0.031 EPSS
Exploits 0, References 3, Affected Software 4