Configuration Change Detected (Medium)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

PT-2025-4050 · Unknown · Esafenet Cdg V5

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG V5 Description: A problematic issue was found in ESAFENET CDG V5, affecting unknown code of the file "doneDetail.jsp". The manipulation of the curpage argument leads to cross site scripting. The attack can be initiated remotely...

CVE-2024-41721

An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution...

MAL-2024-6678 Malicious code in area-code_validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-4326

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the /applysettings and /executecode endpoints. Attackers can bypass protections by setting the host to localhost, enabling code...

CVE-2024-4326 Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the /applysettings and /executecode endpoints. Attackers can bypass protections by setting the host to localhost, enabling code...

CVE-2024-4326 Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the /applysettings and /executecode endpoints. Attackers can bypass protections by setting the host to localhost, enabling code...

CraftBeerPi 4 allows arbitrary code execution

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/httpendpoints/httpsystem.py" is subsequently passed to the "os.system" function in "cbpi/controller/systemcontroller.py" without prior validation allowing arbitrary code execution. This issue affects CraftBeerPi 4:...

CVE-2024-3955 Arbitrary code execution in CraftBeerPi 4

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/httpendpoints/httpsystem.py" is subsequently passed to the "os.system" function in "cbpi/controller/systemcontroller.py" without prior validation allowing to execute arbitrary code.This issue affects CraftBeerPi 4:...

Remote Code Execution (RCE)

johnbillion/wp-crontrol is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of PHP code, which can result RCE...

BIT-TENSORFLOW-2021-29576 Heap buffer overflow in `MaxPool3DGradGrad`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad is vulnerable to a heap buffer overflow. The...

BIT-TENSORFLOW-2021-41208 Incomplete validation in boosted trees code

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

BIT-LIMESURVEY-2020-16192

LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters...

Olas can be locked less than 1 week

Lines of code Vulnerability details Impact The minimum lock time for OLAS is 1 week. If a user locks their OLAS for a duration less than that, their voting power becomes zero. However, in OLAS:createLockFor, the system only checks if the unlockTime is greater than the block.timestamp. Consequentl...

CVE-2023-7080

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary cod...

CVE-2023-2585

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

CVE-2023-2585

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

Swap Input Validation

Lines of code Vulnerability details Input Validation: - The swap function assumes that fpos and spos are valid positions within the heap. - Ensure that you are providing valid positions, and consider adding checks to verify that fpos and spos are within the bounds of your heap. requirefpos size &...

keycloak: client access via device auth request spoof

Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized acce...

Red Hat Keycloak 安全漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from Keycloak's device authorization not properly validating the device code and...