276 matches found
Exploit for CVE-2025-25599
CVE-2025-25599 Details Bolt is an o...
CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi
E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...
CVE-2024-53844
CVE-2024-53844 affects labsai/eddi (EDDI), a middleware for LLM API bots. The vulnerability is a path traversal in the backup export functionality, exploitable via the botFilename parameter in RestExportService.java. Input is not properly sanitized, allowing attackers to access arbitrary files in...
CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi
E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Summary SSRF protection implemented in https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides external malicious url which redirects to internal resources like private network or loopback address. PoC 1. Ru...
GHSA-635V-PC42-FR74 AWS SageMaker Training Toolkit logs CodeArtifact Authorization token
Description For SageMaker Training Toolkit1 versions 4.7.4; 4.7.3; 4.7.2; 4.7.1; 4.7.0, the authorization tokens for CodeArtifact temporary token with an expiration of 12 hours were logged in the log files when the CodeArtifact capability was enabled. If customers push these log files to their...
CVE-2024-20483
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager Mongo...
Cisco IOS XR 安全漏洞
Cisco IOS XR is a set of operating systems developed by Cisco USA for its network devices. A security vulnerability exists in Cisco IOS XR that stems from the software running as a Docker container on hardware supported by the Cisco IOS XR software, which could allow an authenticated, remote...
Exploit for Code Injection in Sqlpad
CVE-2022-0944 SQLPad - Template injection This is a blind vul...
The vulnerability of the API journal of the deployment and email server management tool based on Docker container technology, mailcow:dockerized, allows a attacker to execute arbitrary code.
The vulnerability of the log function API of the deployment and email server management tool based on Docker container technology, mailcow:dockerized, is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
GO-2022-0903 Denial-of-Service within Docker container in ktbs.dev/teler
Denial-of-Service within Docker container in ktbs.dev/teler...
Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover
Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and...
Attackgen - Cybersecurity Incident Response Testing Tool That Leverages The Power Of Large Language Models And The Comprehensive MITRE ATT&CK Framework
AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat actor groups and your organisation's details. Star the...
CVE-2024-1355
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...
Command injection
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...
CVE-2024-1355
CVE-2024-1355 describes a command injection in GitHub Enterprise Server. An attacker with the Management Console editor role could exploit the actions-console docker container to gain admin SSH access to the appliance by manipulating a service URL. Exploitation required access to the GitHub Enter...
CVE-2024-1355 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...
CVE-2023-43016
IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a remote user to log into the server due to a user account with an empty password. IBM X-Force ID: 266154...
CVE-2024-24760 Mailcow Docker Container Exposure to Local Network
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...
CVE-2024-24760
CVE-2024-24760 affects mailcow, a dockerized mail suite, with exposed dockerized ports. The root issue: containers on a bridged network are reachable from the same subnet even when ports are bound to 127.0.0.1, enabling potential access to exposed ports. Affected versions are prior to 2024-01c. T...