Lucene search
K

59 matches found

OSV
OSV
added 2025/01/08 8:44 p.m.7 views

CVE-2024-53995 GHSL-2024-288: SickChill open redirect in login

SickChill is an automatic video library manager for TV shows. A user-controlled login endpoint's next parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open...

4.8CVSS6.7AI score0.00935EPSS
Exploits0References6
OSV
OSV
added 2024/11/07 5:14 p.m.15 views

GHSA-Q78V-CV36-8FXJ Devtron has SQL Injection in CreateUser API

Summary An authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. Details The API is CreateUser /orchestrator/user. The function to read user input is:...

8.7CVSS8.6AI score0.00748EPSS
Exploits1References4
CVE
CVE
added 2024/10/31 12:0 a.m.73 views

CVE-2024-39721

Ollama

7.5CVSS6.8AI score0.02683EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/10/31 12:0 a.m.22 views

CVE-2024-39721

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...

0.02683EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/10/31 12:0 a.m.18 views

CVE-2024-39721

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...

6.7AI score0.02683EPSS
Exploits1References3
OSV
OSV
added 2024/10/31 12:0 a.m.10 views

CVE-2024-39721

An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely even after the HTTP request is aborted...

7.5CVSS6.8AI score0.02683EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/08/28 8:17 p.m.38 views

CVE-2024-45059 Authenticated SQL Injection in i-Educar

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 branch in the ieducar/intranet/funcionariovinculodet.php file, which creates the query by...

8.8CVSS0.00665EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/08/30 8:8 p.m.40 views

Command Injection Vulnerability in find-exec

Older versions of the package are vulnerable to Command Injection as an attacker controlled parameter. As a result, attackers may run malicious commands. For example: const find = require"find-exec"; find"mplayer; touch hacked" This creates a file named "hacked" on the filesystem. You should neve...

9.8CVSS7.1AI score0.01489EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/17 4:36 p.m.15 views

CVE-2023-37475 Attacker-controlled parameter can cause denial of service in hamba avro

Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's github.com/hamba/avro/v2.Unmarshal can throw a fatal error: runtime: out of memory which is unrecoverable and can cause denial of service of the...

7.5CVSS7.4AI score0.00797EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/04/26 12:0 a.m.4 views

Linux kernel 代码问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of speculative pointer dereferences with controlled resource parameter values, which can be...

5.3CVSS6.5AI score0.0072EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.5 views

OrangeScrum 操作系统命令注入漏洞

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from an operating system command injection vulnerability that originates when the application injects an attacker-controlled parameter...

8.8CVSS8.2AI score0.01381EPSS
Exploits1References3
Prion
Prion
added 2023/01/10 9:15 p.m.26 views

Sql injection

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection...

6.5CVSS8.9AI score0.00644EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/01 12:0 a.m.8 views

CVE-2022-48198

The ntpddriver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System ROS allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled timereftopic...

9.5AI score0.01085EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/18 12:0 a.m.5 views

WordPress plugin WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

9.8CVSS8.5AI score0.26586EPSS
Exploits2References2
Prion
Prion
added 2020/12/15 3:15 p.m.17 views

Memory corruption

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to encuntrustedrecvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size...

2.1CVSS5.5AI score0.00133EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2020/12/15 12:0 a.m.6 views

Google Asylo Buffer Error Vulnerability

Google Asylo is a framework for developing trusted applications from Google Inc. in the United States. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A buffer error vulnerability exists in Google Asylo version 0.6.0 and...

5.5CVSS6.4AI score0.00133EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/04/01 8:39 a.m.5 views

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

6.1CVSS6.7AI score0.05406EPSS
Exploits1References4
Hacker One
Hacker One
added 2019/11/08 2:17 p.m.22 views

Mail.ru: Blind SQL Injection on news.mail.ru

Blind time based SQL injection in news.mail.ru due to insecure use of user-controlled GET parameter...

2AI score
Exploits0
Veracode
Veracode
added 2019/07/19 3:16 a.m.15 views

SQL Injection

salt is vulnerable to SQL injection. User-controlled parameter values are directly concatenated into the update password SQL queries, allowing an attacker to inject arbitrary SQL statements via the user and host parameters...

9.8CVSS9.9AI score0.01883EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2019/04/15 3:29 p.m.8 views

PYSEC-2019-132

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1CVSS7.4AI score0.02056EPSS
Exploits1References14Affected Software1
Rows per page
Query Builder