Exploit for CVE-2024-8504

ViciDial Exploit Suite Author: Havok Project URL: Vi...

auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped

Summary Unescaped entity property enables Javascript injection. Details I think this is possible because %sourcelabel% in twig macro is not escaped. Therefore script tags can be inserted and are executed. PoC - clone example project https://github.com/DamienHarper/auditor-bundle-demo - create...

BIT-AIRFLOW-2024-45498 Apache Airflow: Command Injection in an example DAG

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

Exploit for Missing Authorization in Sonaar Mp3_Audio_Player_For_Music\,_Radio_\&_Podcast

CVE-2024-7856 ★ CVE-2024-7856 Arbitrary File deletion PoC ★...

PYSEC-2024-266

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

CVE-2024-45498 Apache Airflow: Command Injection in an example DAG

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

CVE-2024-45498

CVE-2024-45498 concerns the Apache Airflow project. The vulnerability affects the example DAG named example_inlet_event_extra.py shipped with Airflow 2.10.0, where an authenticated attacker with only DAG-trigger permissions can execute arbitrary commands. Multiple sources (NVD, Red Hat, VERACODE,...

CVE-2024-45498 Apache Airflow: Command Injection in an example DAG

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

Apache Airflow 安全漏洞

Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache USA Foundation. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow version 2.10.0, which stems from mishandling in the...

PT-2024-31664 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow version 2.10.0 Description: The issue allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. This is related to the example DAG example inlet event extra.py shipped with Apache Airflow...

Malicious code in dependency-confusion-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 229d38e7d2d3105bfcd37f65885ebaebcf9746721aba7bdec84e88810b454ee0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in example-pypi-package-loler1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bb19218b6d780973bde55d613a16a9a637728a4d01e79d570bb3406633f0f639 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Spring AI with NVIDIA LLM API

Spring AI now supports NVIDIA's Large Language Model API, offering integration with a wide range of models. By leveraging NVIDIA's OpenAI-compatible API, Spring AI allows developers to use NVIDIA's LLMs through the familiar Spring AI API. We'll explore how to configure and use the Spring AI OpenA...

Spring AI with Groq - a blazingly fast AI inference engine

Faster information processing not only informs - it transforms how we perceive and innovate. Spring AI, a powerful framework for integrating AI capabilities into Spring applications, now offers support for Groq - a blazingly fast AI inference engine with support for Tool/Function calling...

Malicious code in example-vizsla-tutorial (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d5047acdff9541b0968719265aafdedb63d94f9adb9889f60c8705ada8c58966 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2025-1973 Malicious code in example-vizsla-tutorial (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d5047acdff9541b0968719265aafdedb63d94f9adb9889f60c8705ada8c58966 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Spring AI with Ollama Tool Support

Earlier this week, Ollama introduced an exciting new feature: tool support for Large Language Models LLMs. Today, we're thrilled to announce that Spring AI 1.0.0-SNAPSHOT has fully embraced this powerful feature, bringing Ollama's function calling capabilities to the Spring ecosystem. Ollama's to...

CVE-2024-39497 drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fix BUGON on mmapPROTWRITE, MAPPRIVATE Lack of check for copy-on-write COW mapping in drmgemshmemmmap allows users to call mmap with PROTWRITE and MAPPRIVATE flag causing a kernel panic due to BUGON in...

Spring AI - Groq AI inference

Faster information processing not only inform—it transforms how we perceive and innovate. Spring AI, a powerful framework for integrating AI capabilities into Spring applications, now offers support for Groq - a blazingly fast AI inference engine with supports for Tool/Function calling. Because...

phonenumber: panic on parsing crafted phonenumber inputs

Impact The phonenumber parsing code may panic due to a reachable assert! guard on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form...