13 matches found
EUVD-2024-54695
Malicious code in bioql PyPI...
EUVD-2023-43062
Malicious code in bioql PyPI...
CVE-2024-56731 Gogs deletion of internal files allows remote command execution
Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instanc...
CVE-2025-1451
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...
CVE-2025-1451
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...
CVE-2025-1451
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...
CVE-2025-1451 Insufficient Patch Leading to DoS in parisneo/lollms-webui
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...
CVE-2025-1451 Insufficient Patch Leading to DoS in parisneo/lollms-webui
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...
BIT-NODE-MIN-2023-39331
A previously disclosed vulnerability CVE-2023-30584 was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please...
CVE-2023-39331
A previously disclosed vulnerability CVE-2023-30584 was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please...
CVE-2021-43843 Insufficient patch for Regular Expression Denial of Service (ReDoS) to jsx-slack v4.5.1
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...
Solaris 2.5.1 - automount Local Privilege Escalation
Solaris 2.5.1 - automount Local Privilege Escalation / source: https://www.securityfocus.com/bid/235/info The automounter daemon automountd answers file system mount and unmount requests from the autofs filesystem via RPC. A vulnerability has been discovered that may allow an unauthorized user to...
Solaris 2.5.1 - 'automount' Local Privilege Escalation
/ source: https://www.securityfocus.com/bid/235/info The automounter daemon automountd answers file system mount and unmount requests from the autofs filesystem via RPC. A vulnerability has been discovered that may allow an unauthorized user to send arbitrary commands to the automounter daemons...