Lucene search
K

1134 matches found

CNNVD
CNNVD
added 2023/12/29 12:0 a.m.4 views

Winter Path Traversal Vulnerability

Winter is a free, open source, self-hosted CMS platform based on the Laravel PHP framework. A path traversal vulnerability exists in Winter versions prior to 1.2.4, which stems from a vulnerability that allows an attacker to include local files via a LESS compilation of the value provided to the...

5.4CVSS6.6AI score0.30166EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/28 12:0 a.m.5 views

PT-2023-31917 · Unknown · Winter Cms

Name of the Vulnerable Software and Affected Versions: Winter CMS versions prior to 1.2.4 Description: The issue concerns a Local File Inclusion vulnerability in Winter CMS, a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can...

5.4CVSS5.3AI score0.30166EPSS
Exploits0References10
Prion
Prion
added 2023/12/22 9:15 p.m.17 views

Stack overflow

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

5CVSS7.6AI score0.00827EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2023/12/22 12:46 p.m.66 views

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamp...

8.8CVSS8.9AI score0.88196EPSS
Exploits2
Veracode
Veracode
added 2023/12/18 7:39 a.m.23 views

Remote Code Execution

org.apache.streampark, streampark is vulnerable to Remote Code Execution. The vulnerability is caused due to a missing check on the compilation parameters of maven used in a project module that is used to integrate Maven's compilation capability. This can lead to an attacker inserting remote...

7.2CVSS7.5AI score0.02299EPSS
Exploits0References6Affected Software1
Kitploit
Kitploit
added 2023/12/16 11:30 a.m.187 views

Nim-Shell - Reverse Shell That Can Bypass Windows Defender Detection

Reverse shell that can bypass windows defender detection $ apt install nim Compilation nim c -d:mingw --app:gui nimshell.nim Change the IP address and port number you want to listen to in the nimshell.nim file according to your device. and listen $ nc -nvlp 4444 Download Nim-Shell...

7.3AI score
Exploits0References3
OSV
OSV
added 2023/12/15 3:30 p.m.29 views

GHSA-QG44-XQWJ-WC28 Apache StreamPark: Authenticated system users could trigger remote command execution

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in...

7.2CVSS7.1AI score0.02299EPSS
Exploits0References3
NVD
NVD
added 2023/12/15 1:15 p.m.36 views

CVE-2023-49898

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in...

7.2CVSS0.02299EPSS
Exploits0References1
OSV
OSV
added 2023/12/15 1:15 p.m.25 views

CVE-2023-49898

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in...

7.2CVSS7.2AI score
Exploits0References1
Talos
Talos
added 2023/12/05 12:0 a.m.58 views

Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability

Talos Vulnerability Report TALOS-2023-1845 Buildroot BRNOCHECKHASHFOR data integrity vulnerability December 5, 2023 CVE Number CVE-2023-43608 SUMMARY A data integrity vulnerability exists in the BRNOCHECKHASHFOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted...

8.1CVSS8.3AI score0.00819EPSS
Exploits1
OSV
OSV
added 2023/11/25 5:0 p.m.4 views

UBUNTU-CVE-2023-47038

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer...

7.8CVSS7.1AI score0.00832EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/11/25 12:0 a.m.6 views

Perl Buffer Error Vulnerability

Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the PERL community. A buffer error vulnerability exists in Perl versions 5.30.0 through 5.38.0 that originates when Perl compiles a carefully crafted regular expression, allowing an attacker to control a byte...

7.8CVSS7.2AI score0.00832EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2023/11/07 8:38 a.m.9 views

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

3.7CVSS5.7AI score0.00936EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/10/26 1:0 a.m.5 views

SUSE CVE-2023-45133

Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...

9.3CVSS9AI score0.0052EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.34 views

Debian dla-3618 : node-babel-cli - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3618 advisory. - - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3618-1 [email protected]...

9.3CVSS7.9AI score0.0052EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/10/16 1:55 p.m.59 views

Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code

Impact Using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluateor path.evaluateTruthy internal Babel methods. Known affected plugins are: - @babel/plugin-transform-runtime -...

9.3CVSS7.1AI score0.0052EPSS
Exploits0References10Affected Software2
Veracode
Veracode
added 2023/10/13 9:29 a.m.49 views

Arbitrary Code Execution

babel is vulnerable to Arbitrary Code Execution . An attacker can trick a user into compiling malicious code which can lead to code injection during compilation, when using specific plugins that rely on internal babel methods. This can lead to bypass of several protection mechanisms posed by the...

9.3CVSS7.7AI score0.0052EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2023/10/12 5:15 p.m.1 views

UBUNTU-CVE-2023-45133

Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...

9.3CVSS7.2AI score0.0052EPSS
Exploits0References9
Prion
Prion
added 2023/10/05 9:15 p.m.25 views

Design/Logic Flaw

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

5.1CVSS9.5AI score0.01762EPSS
Exploits0References9Affected Software2
UbuntuCve
UbuntuCve
added 2023/10/05 9:15 p.m.60 views

CVE-2023-39323

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

8.1CVSS7AI score0.01762EPSS
Exploits0References10
Rows per page
Query Builder