1622 matches found

CNNVD
added 2023/02/04 12:0 a.m., 3 views

MobileDetect cross-site scripting vulnerability

MobileDetect is a PHP class for detecting mobile devices. A cross-site scripting vulnerability exists in MobileDetect version 2.8.31, which stems from a problem with the initLayoutType function in the file examples/sessionexample.php in the component Example, which can lead to cross-site scriptin...

CVSS 6.1, AI score 4.1, EPSS 0.02149
Exploits: 2, References: 7
Code423n4
added 2023/01/27 12:0 a.m., 16 views

Malicious borrower can create pool imbalance by tricking the V2 pool to send lesser number of long tokens in exchange for short tokens

Lines of code Vulnerability details Impact Timeswap V2 Pool works on constant product AMM where total long tokens & short tokens follow the equation total long total short = L. Any increase in long tokens has to be accompanied with a proportionate drop in short tokens and vice versa to ensure that...

AI score 7.2
Exploits: 0
wpexploit
added 2023/01/17 12:0 a.m., 605 views

WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access

The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. Open the below URL as an...

CVSS 5.3, AI score 1.7, EPSS 0.00659
Exploits: 2
Positive Technologies
added 2023/01/13 12:0 a.m., 5 views

PT-2023-9869 · Jianlinwei · Cool-Php-Captcha

Name of the Vulnerable Software and Affected Versions: jianlinwei cool-php-captcha versions up to 0.2 Description: A problematic vulnerability was found in the example-form.php file, where the manipulation of the captcha argument with the input %3Cscript%3Ealert1%3C/script%3E leads to cross-site...

CVSS 6.1, AI score 4.1, EPSS 0.00359
Exploits: 1, References: 8
CNNVD
added 2023/01/13 12:0 a.m., 2 views

cool-php-captcha cross-site scripting vulnerability

cool-php-captcha is an application by the individual developer LaoWei. A cross-site scripting vulnerability exists in version 0.2 of cool-php-captcha, which stems from unknown code in the file example-form.php, and can be exploited to cause cross-site scripting using the input of an action-specif...

CVSS 6.1, AI score 4.6, EPSS 0.00359
Exploits: 1, References: 6
Positive Technologies
added 2023/01/07 12:0 a.m., 7 views

PT-2023-6704 · WordPress · Pdf Generator For Wordpress

Name of the Vulnerable Software and Affected Versions: PDF Generator for WordPress plugin versions prior to 1.1.2 Description: The issue is related to a Reflected Cross-Site Scripting susceptibility in a vendored dompdf example file included in the PDF Generator for WordPress plugin. This could b...

CVSS 6.1, AI score 6, EPSS 0.1207
Exploits: 2, References: 7
OSV
added 2022/12/14 9:15 p.m., 2 views

CVE-2022-38488

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...

CVSS 9.8, AI score 5.8, EPSS 0.00924
Exploits: 1, References: 5
NVD
added 2022/12/14 9:15 p.m., 9 views

CVE-2022-38488

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...

CVSS 9.8, EPSS 0.00924
Exploits: 1, References: 5
Prion
added 2022/12/14 9:15 p.m., 11 views

Sql injection

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...

CVSS 7.5, AI score 9.8, EPSS 0.00924
Exploits: 1, References: 5, Affected Software: 1
Positive Technologies
added 2022/12/14 12:0 a.m., 2 views

PT-2022-24424 · Unknown · Logrocket-Oauth2-Example

Name of the Vulnerable Software and Affected Versions: logrocket-oauth2-example versions prior to 2020-05-27 Description: The issue allows SQL injection via the /auth/register API endpoint, specifically through the username parameter. Recommendations: For versions prior to 2020-05-27, as a...

CVSS 9.8, AI score 9.8, EPSS 0.00924
Exploits: 1, References: 6
Vulnrichment
added 2022/12/14 12:0 a.m., 4 views

CVE-2022-38488

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...

AI score 8.3, EPSS 0.00924
Exploits: 1, References: 5
Cvelist
added 2022/12/14 12:0 a.m., 15 views

CVE-2022-38488

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter...

AI score 10, EPSS 0.00924
Exploits: 1, References: 5
RedHat Linux
added 2022/11/22 1:31 p.m., 3 views

Mozilla: Symlinks may resolve to partially uninitialized buffers

The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer...

CVSS 8.8, AI score 7.2, EPSS 0.00212
Exploits: 0, References: 6
Veracode
added 2022/11/22 10:57 a.m., 19 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service (DoS) attacks. An attacker is able to cause denial of service conditions due to improper validation of user inputs, dense_features and example_state_data, resulting in a CHECK fail in SdcaOptimizer...

CVSS 7.5, AI score 7.1, EPSS 0.00187
Exploits: 1, References: 9, Affected Software: 3
OSV
added 2022/11/21 9:54 p.m., 1 view

GHSA-27RC-728F-X5W2 `CHECK` fail via inputs in `SdcaOptimizer`

Impact: Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. python import tensorflow as tf tf.raw_ops.SdcaOptimizer sparse_example_indices=4 tf.random.uniform5,5,5,3, dtype=tf.dtypes.int64, maxval=100, sparse_feature_indices=4 tf.random.uniform5,5,5,3,...

CVSS 4.8, AI score 7, EPSS 0.00187
Exploits: 1, References: 5
RedHat Linux
added 2022/11/21 12:37 p.m., 3 views

Mozilla: Symlinks may resolve to partially uninitialized buffers

The Mozilla Foundation Security Advisory describes this flaw as: When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer...

CVSS 8.8, AI score 7.2, EPSS 0.00212
Exploits: 0, References: 6
CNNVD
added 2022/11/18 12:0 a.m., 3 views

Google TensorFlow input validation error vulnerability

Google TensorFlow is an open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from the fact that entering 'dense_features' or 'example_state_data' that is not rank 2 will trigger a 'CHECK' failure in...

CVSS 7.5, AI score 6.6, EPSS 0.00187
Exploits: 1, References: 4
Veracode
added 2022/11/15 6:46 a.m., 20 views

Arbitrary Code Execution

apache-airflow is vulnerable to arbitrary code execution. The vulnerability exists in the example DAGs of example_bash_operator.py, which allows an attacker to execute arbitrary commands via the manually provided run_id parameter...

CVSS 8.8, AI score 9.1, EPSS 0.93305
Exploits: 2, References: 6, Affected Software: 1
Github Security Blog
added 2022/11/14 12:0 p.m., 24 views

Apache Airflow vulnerable to OS Command Injection via example DAGs

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0...

CVSS 8.8, AI score 8.8, EPSS 0.93305
Exploits: 2, References: 7, Affected Software: 1
OSV
added 2022/11/14 12:0 p.m., 20 views

GHSA-6PW3-8H9W-32GC Apache Airflow vulnerable to OS Command Injection via example DAGs

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0...

CVSS 8.8, AI score 8.8, EPSS 0.93305
Exploits: 2, References: 7