23 matches found
CVE-2026-53577
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint GET /api/v1/tenant/executions/executionId/file/preview contains an access control bypass that allows any authenticated user to read output files from any other executio...
CVE-2023-29924
PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution...
EUVD-2017-3680
Malware in sbrugna...
EUVD-2021-8188
Malicious code in bioql PyPI...
EUVD-2022-29582
Malicious code in bioql PyPI...
CVE-2010-3287
Unspecified vulnerability on HP ProCurve Access Points, Access Controllers, and Mobility Controllers with software 5.1.x through 5.1.9, 5.2.x through 5.2.7, 5.3.x through 5.3.5, and 5.4.x through 5.4.0 allows remote attackers to execute arbitrary code via unknown vectors...
CVE-2024-2359
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /executecode endpoint, which is intended to be blocked from external access by default. However,...
SUSE CVE-2024-52309
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...
CVE-2024-4258 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
PT-2024-20802 · Pdfmake · Pdfmake
Name of the Vulnerable Software and Affected Versions: pdfmake version 0.2.9 Description: An issue in pdfmake allows remote attackers to run arbitrary code via a crafted POST request to the /pdf endpoint. Note that the behavior of the /pdf endpoint is intentional and only available after installi...
CVE-2023-26463
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...
PT-2023-15570 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: Seacms version 12.7 Description: The issue is related to a remote code execution (RCE) vulnerability. It can be exploited via the ip parameter at the "admin ip.php" endpoint. Recommendations: For Seacms version 12.7, consider restricting access...
Apple Mac OS X Security Update (HT213056)
Apple Mac OS X is prone to multiple vulnerabilities...
PT-2021-10336 · Vaethink · Vaethink
Name of the Vulnerable Software and Affected Versions: vaeThink version 1.0.1 Description: A vulnerability in the vae admin rule database table allows attackers to execute arbitrary code via a crafted payload in the condition parameter. Recommendations: For vaeThink version 1.0.1, consider...
PT-2021-4232 · Linux +9 · Linux Kernel +9
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.12.2 Description: The issue is caused by a race condition in the net/bluetooth/hci_request.c component of the Linux operating system, resulting from concurrent execution with shared resources and improper...
CVE-2020-7674
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...
CVE-2017-17423
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method requests. The issue resul...
[ASA-201612-17] lib32-flashplugin: multiple issues
Arch Linux Security Advisory ASA-201612-17. Severity: Critical. Date: 2016-12-15. CVE-ID: CVE-2016-7867 CVE-2016-7868 CVE-2016-7869 CVE-2016-7870 CVE-2016-7871 CVE-2016-7872 CVE-2016-7873 CVE-2016-7874 CVE-2016-7875 CVE-2016-7876 CVE-2016-7877 CVE-2016-78...
qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")
Jason Geffner, CrowdStrike Senior Security Researcher reports: VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM)...
HP Data Protector Express Opcode 0x320 Overflow
Added: 07/23/2012. CVE: CVE-2012-0121. BID: 52431. OSVDB: 80102. Background: HP Data Protector Express is a backup and recovery solution for single machines and small networks. Problem: A stack overflow vulnerability exists in dpwindtb.dll. Validation of parameters to Opcode 0x320 requests are not...