11 matches found
VulnCheck KEV: CVE-2024-55890
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...
EUVD-2025-31753
Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize...
CVE-2024-47879
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...
TDuckPro Authorization Issue Vulnerability
TDuckCloud TDuckPro is an out-of-the-box data collection tool from TDuckCloud that supports data collection, questionnaires, appointment enrollment, workflow approvals, form collections, public inquiries, OCR image recognition, and other high-level features. An authorization issue vulnerability...
GHSA-X4GP-PQPJ-F43Q curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...
A vulnerability in the /libLAS/apps/ts2las.cpp component of the libLAS library, which is used for reading and writing geospatial data, allows an attacker to cause a service failure.
The vulnerability in the /libLAS/apps/ts2las.cpp component of the libLAS library for reading and writing geospatial data is related to memory release errors. Exploiting this vulnerability could allow an attacker to cause a service failure...
A vulnerability in the Intel Computing Improvement Program's data collection tool, caused by an uncontrolled search path, allows attackers to escalate their privileges.
The vulnerability in the Intel Computing Improvement Program's data collection tool is related to an uncontrolled search path element. Exploiting this vulnerability could allow attackers to escalate their privileges...
A vulnerability in the Intel Setup and Configuration Software (SCS) data collection tool for the System Center Configuration Manager software platform, related to improperly used standard permissions, allows an attacker to escalate their privileges.
The vulnerability in the Intel Setup and Configuration Software (SCS) data collection tool for the System Center Configuration Manager IT infrastructure management software is related to the improper use of standard permissions. Exploiting this vulnerability can allow attackers to increase their...
TIBCO Software EBX Cross-Site Scripting Vulnerability
TIBCO Software EBX is software from TIBCO Software, Inc. that supports integration to manage enterprise data assets. A security vulnerability exists in TIBCO Software EBX, caused by a stored cross-site scripting (XSS) vulnerability in the Web Application component. Affected products and...
Design/Logic Flaw
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue...
A vulnerability in the Oracle GoldenGate data flow management tool allows an attacker to compromise the integrity, availability, and confidentiality of information.
The vulnerability in the Oracle GoldenGate data management component is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to compromise the integrity, availability, and confidentiality of information...