25 matches found
Anthropic Claude Code < 2.1.75 Local Privilege Escalation via Insecure Configuration Loading (CVE-2026-35603)
The version of Anthropic Claude Code installed on the remote Windows host is prior to 2.1.75. It is, therefore, affected by a local privilege escalation vulnerability. On Windows, Claude Code loaded system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without...
CVE-2025-33247
NVIDIA Megatron LM is affected by CVE-2025-33247 due to a vulnerability in quantization configuration loading that could allow remote code execution. The security bulletin states this could lead to code execution, elevation of privileges, information disclosure, and data tampering. Affected produ...
NVIDIA Megatron LM Code Issue Vulnerability
NVIDIA Megatron LM is a deep learning framework developed by NVIDIA Corporation for training large-scale language models and parallel computing. NVIDIA Megatron LM has code-related vulnerabilities; one of these vulnerabilities stems from a remote code execution vulnerability in quantitative...
CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, by controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...
EUVD-2012-3468
Malware in sbrugna...
EUVD-2020-0094
Malware in sbrugna...
EUVD-2022-3165
Malicious code in bioql PyPI...
CVE-2025-61592
Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...
CVE-2025-36857
Rapid7 Appspider Pro versions below 7.5.021 suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...
PT-2025-39395
Name of the Vulnerable Software and Affected Versions: Rapid7 Appspider Pro versions prior to 7.5.021 Description: The application has a broken access control issue in how it loads configuration files. Standard users can add custom configuration files, which are loaded alphabetically and can overri...
CVE-2025-50515
An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded...
CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
PT-2024-5099 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 HF1 Description: A vulnerability has been identified due to missing server-side input sanitation when loading SNMP configurations, allowing command injection. This could enable an attacker...
Foreman Code Injection Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides service provisioning, configuration management, and status reporting. A security vulnerability exists in Foreman that originates from allowing an administrator user to set global parameters...
OS Command Injection in jw.util
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
GHSA-H72C-W3Q3-55QQ OS Command Injection in jw.util
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...
Design/Logic Flaw
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...