938 matches found
Design/Logic Flaw
An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
CVE-2023-31170 Inclusion of Functionality from Untrusted Control Sphere
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and...
CVE-2023-38169
Microsoft SQL OLE DB Remote Code Execution Vulnerability...
A vulnerability in the object linking and embedding (OLE) technology of the Windows operating system allows an attacker to perform a denial-of-service attack.
A vulnerability in the object linking and embedding (OLE) technology of the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to perform unauthorized access attemp...
A vulnerability in the OLE Automation technology in Windows operating systems allows an attacker to gain unauthorized access to protected information.
The vulnerability of the OLE Automation technology in Windows operating systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...
CVE-2023-35323
Windows OLE Remote Code Execution Vulnerability...
PT-2023-3920 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified)
Description: The issue is related to insufficient input validation in the Windows OLE technology, which allows binding and embedding objects into other documents and objects. This can lead to remote cod...
A vulnerability in StruxureWare Data Center Expert, a monitoring system for critical equipment, relates to the possibility of embedding commands, which allows an intruder to execute arbitrary code.
The vulnerability of the StruxureWare Data Center Expert monitoring system relates to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
CVE-2022-44268 This repository contains a Proof of Concept P...
PT-2023-23736 · IBM · IBM Business Automation Workflow
Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow (affected versions not specified)
Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure withi...
EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor < 3.8.0 - Sensitive Data Disclosure
The plugin could expose backup files if the web server had Directory Listing enabled...
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-32028
Microsoft SQL OLE DB Remote Code Execution Vulnerability...
CVE-2023-29349
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability...
Microsoft OLE Automation Remote code security vulnerability
Microsoft OLE Automation Remote code is an automation software application from Microsoft Corporation (USA). A security vulnerability exists in Microsoft OLE Automation Remote code, which stems from allowing remote code execution and affects the following products and versions: Microsoft...
CVE-2023-32301
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...
Design/Logic Flaw
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...
CVE-2023-32301 Discourse's canonical url not being used for topic embeddings
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...
CVE-2023-32301
Discourse versions prior to 3.0.4 (stable) and 3.1.0.beta5 (beta/tests-passed) were affected by a flaw that could allow creation of multiple duplicate topics when topic embedding is enabled. The underlying issue is fixed in Discourse 3.0.4 (stable) and 3.1.0.beta5 (beta/tests-passed). A workaroun...