6323 matches found

Vulnrichment
added 2023/09/01 12:0 a.m., 19 views

CVE-2023-39631

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...

7.8 AI score, 0.01322 EPSS
Exploits: 1, References: 2
Cvelist
added 2023/09/01 12:0 a.m., 29 views

CVE-2023-40980

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file...

9.8 AI score, 0.01061 EPSS
Exploits: 1, References: 1
IBM Security Bulletins
added 2023/08/31 7:4 p.m., 51 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...

9.8 CVSS, 7.7 AI score, 0.01827 EPSS
Exploits: 0, Affected Software: 2
IBM Security Bulletins
added 2023/08/31 12:56 a.m., 16 views

Security Bulletin: Security vulnerability in IBM Java Object Request Broker (ORB) in FileNet Content Manager

Summary Security vulnerability in IBM Java Object Request Broker ORB in FileNet Content Manager, affected and vulnerable Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the...

9.8 CVSS, 9 AI score, 0.01827 EPSS
Exploits: 0, Affected Software: 1
Vulnrichment
added 2023/08/31 12:0 a.m., 9 views

CVE-2023-41637

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...

7.6 AI score, 0.01066 EPSS
Exploits: 1, References: 2
Cvelist
added 2023/08/31 12:0 a.m., 16 views

CVE-2023-41638

An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file...

9 AI score, 0.00972 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2023/08/31 12:0 a.m., 7 views

CVE-2023-41638

An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file...

7.8 AI score, 0.00972 EPSS
Exploits: 1, References: 2
CNVD
added 2023/08/31 12:0 a.m., 33 views

Google Chrome MediaStream Memory Misreference Vulnerability (CNVD-2023-69036)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome MediaStream. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to crash...

8.8 CVSS, 7.5 AI score, 0.0088 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2023/08/28 10:15 p.m., 6 views

CVE-2023-40827

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter...

7.5 CVSS, 7.5 AI score, 0.01492 EPSS
Exploits: 1, References: 4
OSV
added 2023/08/28 6:15 a.m., 2 views

CVE-2023-38029

Saho’s attendance devices ADM100 and ADM-100FP have insufficient filtering for special characters and file type within their file uploading function. An unauthenticated remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service...

9.8 CVSS, 6 AI score, 0.00771 EPSS
Exploits: 0, References: 1
CNVD
added 2023/08/25 12:0 a.m., 22 views

FreeImage FreeImage_Load function buffer overflow vulnerability

FreeImage is a cross-platform open source library for supporting popular graphic image formats. A buffer overflow vulnerability exists in the FreeImage FreeImage_Load function. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service...

6.5 CVSS, 8.1 AI score, 0.00903 EPSS
Exploits: 1, References: 1
Prion
added 2023/08/24 11:15 p.m., 92 views

Design/Logic Flaw

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

6.5 CVSS, 8.8 AI score, 0.0127 EPSS
Exploits: 1, References: 5, Affected Software: 1
NVD
added 2023/08/23 2:15 a.m., 13 views

CVE-2023-39984

UNSUPPORTED WHEN ASSIGNED Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW KeypadDesigner allows local attackers to potentially disclose information and execute arbitrary code on affected EH-VIEW installations. User interaction is required to...

7.8 CVSS, 7.6 AI score, 0.00182 EPSS
Exploits: 0, References: 1
OSV
added 2023/08/22 7:16 p.m., 24 views

CVE-2023-36281

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to loadprompt. This is related to subclasses or a template...

9.8 CVSS, 8.1 AI score
Exploits: 0, References: 3
IBM Security Bulletins
added 2023/08/22 2:18 p.m., 68 views

Security Bulletin: Vulnerabilities in Linux kernel, libssh, and Java can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Linux kernel, libssh, and Java. Vulnerabilities include denial of service, elevated privileges, crashes, execute arbitrary code on the system, obtaining sensitive kernel information, network attacks, bypassing authentication,...

8.8 CVSS, 9.8 AI score, 0.12966 EPSS
Exploits: 20, Affected Software: 1
Vulnrichment
added 2023/08/21 12:0 a.m., 12 views

CVE-2023-39094

Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function...

7.3 AI score, 0.00431 EPSS
Exploits: 1, References: 1
Prion
added 2023/08/17 8:15 p.m., 11 views

Sql injection

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticketid parameter at ticketdetail.php...

5.8 CVSS, 7.5 AI score, 0.0107 EPSS
Exploits: 1, References: 1, Affected Software: 1
IBM Security Bulletins
added 2023/08/17 7:33 a.m., 46 views

Security Bulletin: Vulnerability in IBM JDK (CVE-2022-40609) affects Power HMC

Summary IBM SDK, Java Technology is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the...

9.8 CVSS, 9 AI score, 0.01827 EPSS
Exploits: 0, Affected Software: 1
Cvelist
added 2023/08/17 12:0 a.m., 18 views

CVE-2023-31946

File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php...

7.5 AI score, 0.01211 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2023/08/15 12:0 a.m., 15 views

CVE-2023-38896

An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the frommathprompt and fromcoloredobjectprompt functions...

7.8 AI score, 0.01515 EPSS
Exploits: 1, References: 3