6 matches found
EUVD-2026-35347
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...
CVE-2024-52011 launch-editor vulnerable to command injection via the crafted request on Windows
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...
EUVD-2023-34932
Malicious code in bioql PyPI...
Remote code execution in mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command 'Command Injection' within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...
GHSA-5Q6C-FFVG-XCM9 Remote code execution in mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command 'Command Injection' within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...
WordPress InfiniteWP Admin Panel 2.8.0 Command Injection
------------------------------------------------------------------------ Command injection in InfiniteWP Admin Panel ------------------------------------------------------------------------ Sipke Mellema, July 2016 ------------------------------------------------------------------------ Abstract...