86 matches found

BDU FSTEC
added 2024/12/04 12:0 a.m. · 1 views

The vulnerability of the Untrusted Project Mode feature in the JetBrains WebStorm integrated development environment allows a hacker to execute arbitrary code.

The vulnerability of the Untrusted Project Mode feature in the JetBrains WebStorm integrated development environment involves loading unreliable external data alongside reliable data. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS 6.3 · AI score 5.8 · EPSS 0.00113
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/11/05 12:0 a.m. · 3 views

The vulnerability of the software’s user data loading function for running large language models (LLMs) like ChuanhuChatGPT allows a perpetrator to execute arbitrary code.

The vulnerability of the software’s user data loading function for running large language models like ChuanhuChatGPT is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

CVSS 9.4 · AI score 8.5 · EPSS 0.01521
Exploits: 1 · References: 3
Positive Technologies
added 2024/10/21 12:0 a.m. · 3 views

PT-2024-10337 · Unknown · Gpt Academic

Name of the Vulnerable Software and Affected Versions: GPT Academic, affected versions not specified
Description: The issue is related to insufficient validation of incoming requests in the data loading function from the arxiv archive of the GPT Academic machine learning application. This can allo...

CVSS 6.8 · AI score 6.3 · EPSS 0.00561
Exploits: 1 · References: 7
BDU FSTEC
added 2024/09/13 12:0 a.m. · 2 views

The vulnerability of Nomad application orchestrators, related to improper external control of the file name or path during data loading, allows attackers to create archives that unpack files according to paths outside the expected distribution directory.

The vulnerability of Nomad application orchestrators is related to incorrect external management of filenames or file paths during data loading. Exploiting this vulnerability allows an attacker to create an archive that unpacks files using paths outside the expected distribution directory...

CVSS 5.8 · AI score 5.4 · EPSS 0.00333
Exploits: 0 · References: 3 · Affected Software: 2
OSV
added 2024/08/17 9:15 a.m. · 2 views

DEBIAN-CVE-2024-42304

In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole The syzbot constructs a directory that has no dirblock but is non-inline, i.e. the first directory block is a hole. And no errors are reported when creating files in this...

CVSS 5.5 · AI score 5.7 · EPSS 0.00224
Exploits: 0 · References: 1
OSV
added 2024/07/11 6:31 p.m. · 2 views

GHSA-VXMC-5X29-H64V Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4 · AI score 7 · EPSS 0.00494
Exploits: 0 · References: 4
Github Security Blog
added 2024/07/11 6:31 p.m. · 33 views

Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4 · AI score 6 · EPSS 0.00494
Exploits: 0 · References: 4 · Affected Software: 1
Snyk
added 2024/07/11 5:40 p.m. · 3 views

Cross-site Scripting

Overview: org.webjars.bowergithub.jasny:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary...

CVSS 6.4 · AI score 5.6 · EPSS 0.00494
Exploits: 0 · References: 2
Snyk
added 2024/07/11 5:40 p.m. · 3 views

Cross-site Scripting

Overview: org.fujion.webjars:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary JavaScript code...

CVSS 6.4 · AI score 5.6 · EPSS 0.00494
Exploits: 0 · References: 2
OSV
added 2024/07/11 5:15 p.m. · 4 views

AZL-71317 CVE-2024-6485 affecting package reaper for versions less than 3.1.1-22

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4 · AI score 6.6 · EPSS 0.00494
Exploits: 0 · References: 1
OSV
added 2024/07/11 5:15 p.m. · 11 views

CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4 · AI score 6 · EPSS 0.00494
Exploits: 0 · References: 1
NVD
added 2024/07/11 5:15 p.m. · 18 views

CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4 · EPSS 0.00494
Exploits: 0 · References: 2
OSV
added 2024/07/11 5:15 p.m. · 1 views

DEBIAN-CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4 · AI score 6.6 · EPSS 0.00494
Exploits: 0 · References: 1
OSV
added 2024/07/11 5:15 p.m. · 0 views

UBUNTU-CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4 · AI score 6.6 · EPSS 0.00494
Exploits: 0 · References: 4
CVE
added 2024/07/11 5:8 p.m. · 135 views

CVE-2024-6485

CVE-2024-6485 is a Bootstrap XSS vulnerability in the button component’s data-loading-text attribute. Affected: Bootstrap 3.x (notably Bootstrap 3.x series); impact is cross-site scripting when the loading state is triggered. Mitigation: Debian LTS advisory indicates fixed in 3.4.1+dfsg-2+deb11u1...

CVSS 6.4 · AI score 6 · EPSS 0.00494
Exploits: 0 · References: 2
Debian CVE
added 2024/07/11 5:8 p.m. · 11 views

CVE-2024-6485

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...

CVSS 6.4 · AI score 6.6 · EPSS 0.00494
Exploits: 0
BDU FSTEC
added 2023/09/06 12:0 a.m. · 2 views

The vulnerability of the TinyMCE plugin in the virtual training environment Moodle, which allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the TinyMCE plugin in the virtual training environment Moodle is related to incorrect external management of file names or file paths during data loading. Exploiting this vulnerability can allow an attacker to gain access to, read, modify, or delete data by sending specially...

CVSS 5.3 · AI score 6.1 · EPSS 0.06583
Exploits: 3 · References: 9 · Affected Software: 2
NVD
added 2023/04/13 6:15 p.m. · 9 views

CVE-2023-22950

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsqlserver, created by any user with designer permissions, can read sensitive data from arbitrary locations...

CVSS 6.5 · AI score 6.5 · EPSS 0.00697
Exploits: 1 · References: 2
Prion
added 2023/04/13 6:15 p.m. · 12 views

Code injection

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsqlserver, created by any user with designer permissions, can read sensitive data from arbitrary locations...

CVSS 4 · AI score 6.4 · EPSS 0.00697
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2023/04/13 12:0 a.m. · 11 views

CVE-2023-22950

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsqlserver, created by any user with designer permissions, can read sensitive data from arbitrary locations...

AI score 6.7 · EPSS 0.00697
Exploits: 1 · References: 2