request-filtering-agent 代码问题漏洞

request-filtering-agent is an application by azu Personal Developers. A code issue vulnerability exists in request-filtering-agent version 1.x.x and prior versions that stems from HTTPS requests bypassing IP address filtering, which could lead to accessing internal services bypassing SSRF...

NVIDIA NeMo Framework Code Issue Vulnerability

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. A code issue vulnerability exists in the NVIDIA NeMo Framework, which can be exploited by an attacker to execute malicious code by uploading arbitrary files and bypassing file size limits...

AVEVA PI Integrator 代码问题漏洞

AVEVA PI Integrator is a business analysis tool from AVEVA UK. AVEVA PI Integrator suffers from a code issue vulnerability that originates from an authenticated attacker who could upload and execute files...

Malicious code in minnesota-timberwolves---nba-jersey (npm)

The package minnesota-timberwolves---nba-jersey was found to contain malicious code...

Intel Trace Analyzer And Collector 代码问题漏洞

Intel Trace Analyzer And Collector is a trace analyzer and collector from Intel Corporation USA. It is used to analyze Mpi behavior in parallel applications. A code issue vulnerability exists in Intel Trace Analyzer And Collector that stems from an uncontrolled search path that could lead to...

Siemens多款产品 代码问题漏洞

Siemens SIPROTEC 4 is a multifunction relay from Siemens Germany. A code issue vulnerability exists in various Siemens products that stems from mishandling of a file transfer operation, which could result in a denial of service. The following products are affected: SIPROTEC 4 6MD61, 6MD63, 6MD66,...

Intel oneAPI Toolkits 代码问题漏洞

Intel oneAPI Toolkits is a set of core tools and libraries from Intel Corporation USA. It is used to develop high-performance, data-centric applications across different architectures. A code issue vulnerability exists in Intel oneAPI Toolkits that stems from an uncontrolled search path that coul...

Microsoft Web Deploy 代码问题漏洞

Microsoft Web Deploy is a scalable client-server tool from Microsoft Corporation USA. A code issue vulnerability exists in Microsoft Web Deploy. An attacker exploiting this vulnerability could execute code...

Qiyuesuo Eelectronic Signature Platform 代码问题漏洞

Qiyuesuo Eelectronic Signature Platform is an e-signature and e-contract management platform from China Contract Lock Qiyuesuo. A code issue vulnerability exists in Qiyuesuo Eelectronic Signature Platform version 4.34 and earlier, which stems from improper handling of the parameter File in...

Linux Distros Unpatched Vulnerability : CVE-2023-52934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm/MADVCOLLAPSE: catch !none !huge !bad pmd lookups In commit 34488399fa08 mm/madvise: add...

OpenPLC Runtime version 3 代码问题漏洞

OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. A code issue vulnerability exists in OpenPLC Runtime version 3 that originates from allowing an authenticated user to upload arbitrary files and access them publicly...

GHSA-3JHF-GXHR-Q4CX MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return

Summary When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. Details In src/MaterialXCore/Material.cpp, in function getShaderNodes, the following code fetches the output nodes for a given...

Alfasado PowerCMS 代码问题漏洞

Alfasado PowerCMS is a content management system CMS from Alfasado Japan. A code issue vulnerability exists in Alfasado PowerCMS that stems from an insufficient file upload limit and could lead to the execution of arbitrary script...

BentoML 代码问题漏洞

BentoML is an open source modeling service library from BentoML Open Source. It is used to build high-performance and scalable artificial intelligence applications using Python. A code issue vulnerability exists in BentoML versions 1.4.0 through 1.4.19 that stems from the file upload processing...

SolarWinds Web Help Desk 代码问题漏洞

SolarWinds Web Help Desk is a suite of help desk and asset management software from US-based SolarWinds. The software supports centralized knowledge base, IT asset management, project and task management, and other features. A code issue vulnerability exists in SolarWinds Web Help Desk that...

299Ko 代码问题漏洞

299Ko is a simple, fast and lightweight content management system from 299Ko open source. A code issue vulnerability exists in version 2.0.0 of 299Ko, which stems from the existence of unlimited uploads in the file management component in file/admin/filemanager/view...

JPACookieShop 代码问题漏洞

JPACookieShop is a cake mall platform software by Jerryshensjf individual developer. A code issue vulnerability exists in JPACookieShop version 1.0, which stems from an incorrect operation of the function addGoods in the file GoodsController.java resulting in unlimited uploads...

CVE-2025-47917

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtlsx509stringtonames takes a head argument that is documented as an output argument. The documentation does not suggest that the function...

WordPress Broken Link Notifier plugin code issue vulnerability

WordPress Broken Link Notifier plugin is a plugin for monitoring broken links e.g. 404 errors, timeout links, etc. within a website. The WordPress Broken Link Notifier plugin suffers from a code issue vulnerability that stems from the server not implementing an adequate validation mechanism to...

Fortinet FortiSandbox和Fortinet FortiIsolator 代码问题漏洞

Fortinet FortiSandbox and Fortinet FortiIsolator are both products of Fortinet, Inc.Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting, etc...