15122 matches found

NVD
added 2024/12/27 9:15 p.m. · 8 views

CVE-2024-50716

SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component...

CVSS 9.8 · EPSS 0.03248
Exploits 1 · References 2

Positive Technologies
added 2024/12/27 12:0 a.m. · 3 views

PT-2024-10860 · Applock · Applock

Name of the Vulnerable Software and Affected Versions: Smartphones (affected versions not specified). Description: The system has a logic judging error under certain scenarios, allowing an attacker to gain certain information from apps locked by Applock if they obtain permission to execute commands ...

CVSS 4.6 · AI score 7.5 · EPSS 0.00131
Exploits 0 · References 5

Positive Technologies
added 2024/12/26 12:0 a.m. · 2 views

PT-2024-17692 · SmartRobot · SmartRobot's Conversational AI Platform

Name of the Vulnerable Software and Affected Versions: SmartRobot's Conversational AI Platform (versions prior to 7.2.0). Description: A Code Injection vulnerability exists in the groovy script function of SmartRobot's Conversational AI Platform, allowing remote authenticated users to perform...

CVSS 9.3 · AI score 7.9 · EPSS 0.00882
Exploits 0 · References 8

CNVD
added 2024/12/25 12:0 a.m. · 12 views

IBM Security Directory Integrator Operating System Command Injection Vulnerability

IBM Security Directory Integrator is an integrated development environment and runtime service from International Business Machines (IBM). IBM Security Directory Integrator suffers from an operating system command injection vulnerability that stems from the application's failure to properly filter...

CVSS 8.8 · AI score 7.7 · EPSS 0.00197
Exploits 0 · References 1

Positive Technologies
added 2024/12/25 12:0 a.m. · 2 views

PT-2025-14719

Name of the Vulnerable Software and Affected Versions: Yelp (affected versions not specified). Description: A flaw was found in Yelp, specifically in the Gnome user help application, which allows help documents to execute arbitrary scripts. This issue enables malicious users to input help documents th...

CVSS 7.8 · AI score 7.8 · EPSS 0.01309
Exploits 1 · References 124

GitHub Security Blog
added 2024/12/23 5:56 p.m. · 31 views

Jinja has a sandbox breakout through indirect reference to format method

An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on th...

CVSS 7.8 · AI score 7.7 · EPSS 0.0057
Exploits 0 · References 6 · Affected Software 1

CNVD
added 2024/12/23 12:0 a.m. · 2 views

Ivanti CSA SQL Injection Vulnerability

Ivanti CSA is a locally deployed virtual appliance from Ivanti that is designed to simplify the integration of IT service management with cloud services and support automated processes to improve operational efficiency. Ivanti CSA suffers from a SQL injection vulnerability that can be exploited b...

CVSS 9.1 · AI score 8.1 · EPSS 0.0259
Exploits 0 · References 1

OSSF Malicious Packages
added 2024/12/21 4:45 a.m. · 2 views

Malicious code in lerna-monorepo2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 271f42aae85ac8961f1f78e8a64fb0a39eccde9c8d632a30fb8c1e03968d6d51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1

NVD
added 2024/12/20 1:15 a.m. · 10 views

CVE-2024-12832

Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this...

CVSS 8.3 · EPSS 0.0316
Exploits 0 · References 1

NVD
added 2024/12/19 11:15 p.m. · 15 views

CVE-2024-12700

There is an unrestricted file upload vulnerability where it is possible for an authenticated (low-privileged) user to upload a JSP shell and execute code with the privileges of the user running the web server...

CVSS 8.8 · EPSS 0.00273
Exploits 0 · References 2

OSSF Malicious Packages
added 2024/12/19 6:21 p.m. · 3 views

Malicious code in tracking-protection-experiment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b7e3c4e6767c5b9de18b97979fd15fbe90fdc3b01d78bb3ce044f224e588787a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1

Veracode
added 2024/12/19 8:13 a.m. · 11 views

Arbitrary Code Execution (ACE)

pnpm is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to mishandling of overrides and global cache, where overrides from one workspace leak into npm metadata saved in global cache, affecting other workspaces, and installs fail to revalidate data, allowing an attacker to execu...

CVSS 9.8 · AI score 8.3 · EPSS 0.01415
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2024/12/19 7:20 a.m. · 6 views

CVE-2024-4229

Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute arbitrary malicious code, resulting in information disclosure, tampering...

CVSS 7.8 · AI score 7 · EPSS 0.0005
Exploits 0 · References 2

OSSF Malicious Packages
added 2024/12/18 12:48 p.m. · 4 views

Malicious code in interview-question (npm)

This package has a preinstall script to download and execute a Go-variant of the Cobalt Strike beacon...

AI score 7.1
Exploits 0

OSSF Malicious Packages
added 2024/12/18 12:48 p.m. · 3 views

Malicious code in @dz-lib/dz-cli (npm)

This package has a preinstall script to download and execute a Go-variant of the Cobalt Strike beacon. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec9421e5d1892420fe8194f8361f8c856ef3b31d6996e2554d840fc850e59a1e Any computer that has this package installed or...

AI score 7
Exploits 0 · References 1

CVE
added 2024/12/17 3:28 p.m. · 51 views

CVE-2024-12670

CVE-2024-12670 describes a heap-based overflow in Autodesk Navisworks when parsing DWFX files. The issue allows a malicious DWFX to cause a crash, read sensitive data, or execute arbitrary code in the current process, with local access and user interaction required. Connected sources (NVD/Red Hat...

CVSS 7.8 · AI score 6.7 · EPSS 0.00367
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/12/17 3:16 p.m. · 9 views

CVE-2024-12178 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 7.8 · AI score 7.5 · EPSS 0.00367
Exploits 0 · References 1

CNVD
added 2024/12/16 12:0 a.m. · 4 views

Siemens Opcenter Quality Buffer Overflow Vulnerability

Opcenter Quality is a closed-loop quality management system (QMS) product family from Siemens designed to ensure compliance and drive continuous improvement to deliver high-quality products. A buffer overflow vulnerability exists in Siemens Opcenter Quality, which can be exploited by an...

AI score 8.3
Exploits 0

OSSF Malicious Packages
added 2024/12/15 4:5 a.m. · 4 views

Malicious code in orderly-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c6d1816f12ad3d52d2229d938ccf0f5ec2b0f48ba66613c031b72631e23cc77 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1

OSSF Malicious Packages
added 2024/12/14 5:10 p.m. · 3 views

Malicious code in ml-interactive-data-augmentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e20810134f19a11553a575cd601700601cf374b00626760c86d6c3905cb0113b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1