8828 matches found

Vulnrichment
added 2024/02/05 10:53 p.m. | 15 views

CVE-2024-0964 LFI in Gradio

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

CVSS 7.5 | AI score 6.5 | EPSS 0.00147
Exploits: 1 | References: 2

CVE
added 2024/02/05 10:53 p.m. | 75 views

CVE-2024-0964

CVE-2024-0964 describes a local-file-inclusion vulnerability in Gradio caused by a vulnerable user-supplied JSON value in an API request. Affected software is the Gradio Python library (noted in multiple sources referencing gradio-app/gradio). The underlying issue is a path traversal/LFI risk tri...

CVSS 9.4 | AI score 8 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2024/02/05 10:53 p.m. | 19 views

CVE-2024-0964 LFI in Gradio

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request...

CVSS 7.5 | AI score 9.2 | EPSS 0.00147
Exploits: 1 | References: 2

Snyk
added 2024/02/05 8:22 p.m. | 1 views

Use After Free

Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free via the xmlTextReader module. An attacker can cause denial of service by processing crafted XML documents with DTD validation and XInclude expansion enabled...

CVSS 7.5 | AI score 6.9 | EPSS 0.00165
Exploits: 3 | References: 2

Positive Technologies
added 2024/02/05 12:00 a.m. | 2 views

PT-2024-15944

Name of the Vulnerable Software and Affected Versions: Gradio (affected versions not specified). Description: A local file include could be remotely triggered due to a vulnerable user-supplied JSON value in an API request. This issue allows for the potential inclusion of local files, which could lead ...

CVSS 9.4 | AI score 7.1 | EPSS 0.00147
Exploits: 1 | References: 15

CNNVD
added 2024/02/04 12:00 a.m. | 3 views

libxml2 Security Vulnerabilities

libxml2 is an open source library used to parse XML documents. It is written in C and can be called by many languages, such as C, C++, XSH. A security vulnerability exists in libxml2 prior to version 2.11.7 and version 2.12.x prior to version 2.12.5, which stems from the fact that when using the...

CVSS 7.5 | AI score 7 | EPSS 0.00165
Exploits: 3 | References: 7

OSV
added 2024/01/26 9:15 p.m. | 3 views

CVE-2024-0945

A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotel...

CVSS 9.8 | AI score 5.3 | EPSS 0.00088
Exploits: 0 | References: 3

Zero Day Initiative
added 2024/01/10 12:00 a.m. | 21 views

Trend Micro Apex Central widget WFProxy Local File Inclusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the getObjWGFServiceApiByApiName function. The issue results from the lack of prope...

CVSS 7.5 | AI score 7.5 | EPSS 0.03114
Exploits: 0 | References: 1

SUSE CVE
added 2023/12/23 2:38 a.m. | 3 views

SUSE CVE-2023-49084

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...

CVSS 8.8 | AI score 8.8 | EPSS 0.88341
Exploits: 4 | References: 4

OSV
added 2023/12/23 2:15 a.m. | 1 views

CVE-2023-6971

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of...

CVSS 9.8 | AI score 6 | EPSS 0.09055
Exploits: 0 | References: 3

ATTACKERKB
added 2023/12/21 11:15 p.m. | 1 views

CVE-2023-49084

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...

CVSS 8.8 | AI score 7.9 | EPSS 0.88341
Exploits: 4 | References: 6

OSV
added 2023/12/21 11:15 p.m. | 1 views

DEBIAN-CVE-2023-49084

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...

CVSS 8.8 | AI score 9.1 | EPSS 0.88341
Exploits: 4 | References: 1

OSV
added 2023/12/21 11:15 p.m. | 0 views

UBUNTU-CVE-2023-49084

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...

CVSS 8.8 | AI score 6.4 | EPSS 0.88341
Exploits: 4 | References: 3

CNNVD
added 2023/12/21 12:00 a.m. | 2 views

Cacti security breach

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data through snmpget, uses RRDtool to draw graphs for analysis, and provides data and user management features. A security vulnerability exists in Cacti versions prior to 1.2.26,...

CVSS 8.8 | AI score 8.5 | EPSS 0.88341
Exploits: 4 | References: 8

OSV
added 2023/11/22 7:15 a.m. | 16 views

CVE-2023-47016

radare2 5.8.9 has an out-of-bounds read in rbinobjectsetitems in libr/bin/bobj.c, causing a crash in rreadle32 in libr/include/rendian.h...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 3

Debian CVE
added 2023/11/22 12:00 a.m. | 24 views

CVE-2023-47016

radare2 5.8.9 has an out-of-bounds read in rbinobjectsetitems in libr/bin/bobj.c, causing a crash in rreadle32 in libr/include/rendian.h...

CVSS 7.5 | AI score 6 | EPSS 0.00179
Exploits: 1

Cvelist
added 2023/11/22 12:00 a.m. | 17 views

CVE-2023-47016

radare2 5.8.9 has an out-of-bounds read in rbinobjectsetitems in libr/bin/bobj.c, causing a crash in rreadle32 in libr/include/rendian.h...

AI score 7.6 | EPSS 0.00179
Exploits: 1 | References: 3

ATTACKERKB
added 2023/11/20 7:15 p.m. | 3 views

CVE-2023-38882

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in 'ForExport.php'...

CVSS 6.1 | AI score 6 | EPSS 0.00167
Exploits: 0 | References: 4

Cvelist
added 2023/11/16 9:07 p.m. | 27 views

CVE-2023-6020 Ray Static File Local File Include

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication...

CVSS 7.5 | AI score 8.6 | EPSS 0.81449
Exploits: 3 | References: 1

NVD
added 2023/11/16 5:15 p.m. | 14 views

CVE-2023-6013

H2O is vulnerable to a stored XSS vulnerability, which can lead to a Local File Include attack...

CVSS 9.3 | EPSS 0.00241
Exploits: 1 | References: 1