
879 matches found

Positive Technologies
added 2024/08/02 12:0 a.m. · 3 views

PT-2024-6293 · Apache · Apache InLong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.10.0 through 1.12.0. Description: The issue affects Apache InLong due to improper control of code generation, which could lead to remote code execution. This allows a remote attacker to execute arbitrary code. Users ar...

9.8 CVSS · 8.4 AI score · 0.06789 EPSS
Exploits 0 · References 15
Ubuntu
added 2024/07/29 4:27 a.m. · 84 views

USN-6916-1: Lua vulnerabilities

It was discovered that Lua did not properly generate code when "_ENV" is constant. An attacker could possibly use this issue to cause a denial of service or execute arbitrary untrusted Lua code. (CVE-2022-28805) It was discovered that Lua did not properly handle C stack overflows during error...

9.1 CVSS · 7.5 AI score · 0.003 EPSS
Exploits 2
Redos
added 2024/07/18 12:0 a.m. · 15 views

ROS-20240718-01

A vulnerability in the Mozilla Firefox and Firefox ESR browsers is related to incorrect event handling as a result of incorrect code generation control. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges and...

8.4 CVSS · 7.8 AI score · 0.01405 EPSS
Exploits 0
NVD
added 2024/06/24 1:15 p.m. · 12 views

CVE-2024-37228

Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through 0.1.0.38...

10 CVSS · 0.00991 EPSS
Exploits 0 · References 2
OSV
added 2024/06/24 1:15 p.m. · 2 views

CVE-2024-37109

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection. This issue affects WishList Member X: from n/a before 3.26.7...

8.8 CVSS · 5.8 AI score · 0.00848 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2024/06/24 9:15 a.m. · 2 views

CVE-2024-5683

Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Management (BPM) allows Remote Code Inclusion. This issue affects Business Process Management (BPM): from 6.6.4.4 before 6.6.4.5...

9.8 CVSS · 5.8 AI score · 0.00191 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/06/24 12:0 a.m. · 1 views

WordPress plugin WishList Member X Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

9.9 CVSS · 7.5 AI score · 0.00848 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/06/24 12:0 a.m. · 3 views

PT-2024-27397 · Unknown · InstaWP Connect

Name of the Vulnerable Software and Affected Versions: InstaWP Connect versions 0.1.0.38 and earlier. Description: The issue is related to an Improper Control of Generation of Code ('Code Injection') vulnerability, which allows Code Injection. Recommendations: For InstaWP Connect versions 0.1.0.38 a...

10 CVSS · 7 AI score · 0.00991 EPSS
Exploits 0 · References 5
CNNVD
added 2024/06/24 12:0 a.m. · 2 views

WordPress plugin InstaWP Connect code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

10 CVSS · 7.5 AI score · 0.00991 EPSS
Exploits 0 · References 3
CNNVD
added 2024/06/10 12:0 a.m. · 3 views

WordPress plugin Advanced Custom Fields PRO Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability previously...

8.5 CVSS · 7.5 AI score · 0.00611 EPSS
Exploits 0 · References 2
CNNVD
added 2024/05/18 12:0 a.m. · 2 views

LiteLLM Code Injection Vulnerability

LiteLLM is an open source application from Berri AI. All LLM APIs can be called using the OpenAI format. LiteLLM suffers from a code injection vulnerability that stems from improper control over code generation, leading to a remote code execution (RCE) vulnerability...

9.8 CVSS · 9.7 AI score · 0.03284 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/05/06 12:0 a.m. · 26 views

GLSA-202405-15 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202405-15 (Mozilla Firefox: Multiple Vulnerabilities) - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects...

9.8 CVSS · 7.9 AI score · 0.0073 EPSS
Exploits 2 · References 14
Veracode
added 2024/04/26 7:12 a.m. · 22 views

Range-Based Loop Execution

vyper is vulnerable to Range-Based Loop Execution. The vulnerability is due to incorrect assertion handling in the code generation of the range statement (stmt.parse_For_range) within file stmt.py, which allows attackers to manipulate loop parameters...

5.3 CVSS · 6.9 AI score · 0.01528 EPSS
Exploits 1 · References 4 · Affected Software 1
GitHub Security Blog
added 2024/04/25 7:53 p.m. · 38 views

vyper's range(start, start + N) reverts for negative numbers

Summary: When looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. Details: This issue is caused by an incorrect assertion inserted by the code generation of the range (stmt.parse_For_range):...

5.3 CVSS · 6.9 AI score · 0.01528 EPSS
Exploits 1 · References 6 · Affected Software 1
OSV
added 2024/04/25 7:53 p.m. · 13 views

GHSA-PPX5-Q359-PVWJ vyper's range(start, start + N) reverts for negative numbers

Summary: When looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. Details: This issue is caused by an incorrect assertion inserted by the code generation of the range (stmt.parse_For_range):...

5.3 CVSS · 5.1 AI score · 0.01528 EPSS
Exploits 1 · References 6
PyPA
added 2024/04/25 5:15 p.m. · 4 views

PYSEC-2024-246

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

5.3 CVSS · 7.1 AI score · 0.01528 EPSS
Exploits 1 · References 5 · Affected Software 1
Cvelist
added 2024/04/25 5:0 p.m. · 15 views

CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

5.3 CVSS · 5.5 AI score · 0.01528 EPSS
Exploits 1 · References 4
Vulnrichment
added 2024/04/25 5:0 p.m. · 13 views

CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

5.3 CVSS · 6.9 AI score · 0.01528 EPSS
Exploits 1 · References 4
CVE
added 2024/04/25 5:0 p.m. · 51 views

CVE-2024-32481

Vyper (Pythonic EVM language) is affected by CVE-2024-32481 in versions from 0.3.8 up to, but not including, 0.4.0b1. The vulnerability arises when looping with range(start, start + N) where start is negative; an incorrect assertion in the code generation of the range statement (stmt.parse_For_ra...

5.3 CVSS · 6.7 AI score · 0.01528 EPSS
Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2024/04/25 12:0 a.m. · 4 views

WordPress plugin Anti-Malware Security and Brute-Force Firewall Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...

9 CVSS · 7.3 AI score · 0.00716 EPSS
Exploits 0 · References 4