Furukawa Electric 423-41W/AC security vulnerability
The Furukawa Electric 423-41W/AC is a wireless router from Furukawa Electric Japan. A security vulnerability exists in the Furukawa Electric 423-41W/AC v1.1.4 prior and LD421-21W v1.3.3 prior, which stems from the presence of a Remote Command Execution (RCE) vulnerability that could allow an...
CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...
CVE-2023-34127
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics:...
PT-2023-5827 · D Link · D-Link Dir-3040
Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. The specific flaw exists within the prog.cgi binary, whi...
PT-2023-5831 · D Link · D-Link Dir-3040
Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. The flaw exists within the prog.cgi binary, which handle...
PT-2023-5822 · D Link · D-Link Dir-3040
Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. The specific flaw exists within the prog.cgi binary, whi...
CVE-2023-36867 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
...
CVE-2023-33157 Microsoft SharePoint Remote Code Execution Vulnerability
...
PT-2023-3989 · Microsoft · Visual Studio Code Github Pull Requests/Issues Extension
Name of the Vulnerable Software and Affected Versions: Visual Studio Code GitHub Pull Requests and Issues Extension (affected versions not specified). Description: The issue is related to errors in processing input data in the Visual Studio Code GitHub Pull Requests and Issues Extension. Exploitatio...
Microsoft Excel security vulnerability
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
CVE-2023-32254
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...
Google Android Framework code execution vulnerability (CNVD-2023-60937)
Google Android is a Linux-based open source operating system from Google. A code execution vulnerability exists in Google Android Framework, which can be exploited by an attacker to gain elevated privileges on the system...
Milesight UR32L urvpn_client cmd_name_action function command execution vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. A command execution vulnerability exists in the Milesight UR32L urvpn_client cmd_name_action function, which can be exploited by an attacker to execute arbitrary commands on the system...
stealth of funds
Lines of code Vulnerability details CRITICAL Impact The LSP0ERC725Account contract executes calls to specified targets provided in the arguments, the contract can receive native coins using the payable functions or directly transferred since the contract implements a receive function. However, the...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js ejs module code execution vulnerability (CVE-2023-29827)
Summary: Potential Node.js ejs module code execution vulnerability CVE-2023-29827 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2023-29827 DESCRIPTION: Node.js ejs module could allow...
CVE-2023-36258
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used...
Command Execution Vulnerability in YouDianCMS of Changsha YouDian Software Technology Co.
YouDianCMS combines a desktop website, mobile website, WeChat, app and mini program in one, with shared space and automatic data synchronization; it is a domestic open source five-in-one site solution. Changsha YouDianCMS has a command execution vulnerability that can be exploited by attackers to...
Pluck cross-site scripting vulnerability
Pluck is a content management system (CMS) developed using the PHP language. A security vulnerability exists in Pluck CMS versions 4.7.15 through 4.7.16-dev4, which originates from a cross-site scripting (XSS) vulnerability in file /admin.php. An attacker can exploit the vulnerability by uploading a...
XWiki Platform code injection vulnerability
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform version 2.4-m-2 and prior versions, which originates from a vulnerability that allows a user with view rights to a documen...
CVE-2023-24261
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request...