5909 matches found
ROS-20240423-05
The FreeIpa server kinit command context vulnerability is related to sending HTTP requests with parameters, that can be interpreted as command arguments to kinit. Exploitation of the vulnerability could Allow an attacker acting remotely to cause a denial of service to the system...
ROS-20240423-07
The aiohttp HTTP client vulnerability is related to an incorrect restriction of the path name to a directory with restricted access. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information The aiohttp HTTP client vulnerability...
CVE-2024-32657
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
CVE-2024-32657
CVE-2024-32657 affects Hydra, the CI service for Nix-based projects. The vulnerability arises from a feature that lets Nix builds specify files served to clients, with HTML build artifacts being exploitable in the browser context and capable of triggering arbitrary code execution when viewed. Imp...
CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
The vulnerability of the Radio Scheduling function in wireless access points Tp-Link AC1350 and Tp-Link N300 allows a hacker to execute arbitrary code.
The vulnerability of the Radio Scheduling function in Tp-Link AC1350 and Tp-Link N300 wireless access points is related to the execution of operations outside the buffer during the processing of the profile parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary cod...
Ubuntu: Security Advisory (USN-6735-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 RCE Test Script Overview This Python script...
PT-2024-24366 · Opentelemetry · Opentelemetry.Instrumentation.Aspnetcore +1
Name of the Vulnerable Software and Affected Versions: OpenTelemetry.Instrumentation.Http versions prior to 1.8.1 OpenTelemetry.Instrumentation.AspNetCore versions prior to 1.8.1 Description: The issue concerns the OpenTelemetry.Instrumentation.Http and OpenTelemetry.Instrumentation.AspNetCore...
Cisco Identity Services Engine Server-Side Request Forgery (cisco-sa-ise-ssrf-FtSTh5Oz)
According to its self-reported version, Cisco Identity Services Engine Server-Side Request Forgery is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side...
Unspecified Vulnerability in TP-LINK AC1350 (CNVD-2024-23784)
The TP-LINK AC1350 is a router from China P&L TP-LINK. The TP-LINK AC1350 contains a security vulnerability that can be exploited by an attacker to cause remote code execution via a series of specially crafted HTTP requests...
Unspecified Vulnerability in TP-LINK AC1350 (CNVD-2024-20287)
The TP-LINK AC1350 is a router from China P&L TP-LINK. The TP-LINK AC1350 suffers from a security vulnerability that can be exploited by an attacker to cause remote code execution via a series of specially crafted HTTP requests...
CVE-2024-1481 Freeipa: specially crafted http requests potentially lead to denial of service
A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service...
CVE-2024-2217
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys...
CVE-2024-2217
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys...
CVE-2024-1741
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...
CVE-2024-1741
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by...
CVE-2024-1741
CVE-2024-1741 affects lunary-ai/lunary v1.0.1, with an improper authorization flaw enabling removed members to read, create, modify, and delete prompt templates by reusing an old authorization token. The issue allows operations on prompt templates despite removal from an organization, via HTTP re...
CVE-2024-2217 Improper Access Control in gaizhenbiao/chuanhuchatgpt
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys...