GHSA-R67W-F99W-MGXJ ReDoS in Embedchain
The JSON loader in Embedchain before 0.1.57 allows a ReDoS regular expression denial of service via a long string to json.py...
GHSA-RHHJ-5436-95VF Code execution in Embedchain
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
CVE-2024-23732
The JSON loader in Embedchain before 0.1.57 allows a ReDoS regular expression denial of service via a long string to json.py...
CVE-2024-23731
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
Design/Logic Flaw
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
PYSEC-2024-8
The JSON loader in Embedchain before 0.1.57 allows a ReDoS regular expression denial of service via a long string to json.py...
PYSEC-2024-7
The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...
Design/Logic Flaw
The JSON loader in Embedchain before 0.1.57 allows a ReDoS regular expression denial of service via a long string to json.py...
PT-2024-20042 · Unknown · Embedchain
Name of the Vulnerable Software and Affected Versions: Embedchain versions prior to 0.1.57. Description: The issue allows a ReDoS regular expression denial of service via a long string to json.py. This occurs in the JSON loader of Embedchain. Recommendations: For versions prior to 0.1.57, update t...
CVE-2024-23732
CVE-2024-23732 affects the Embedchain JSON loader and is caused by a ReDoS in the json.py path when processing long input strings. The vulnerability is reported in Embedchain versions prior to 0.1.57. According to connected sources, exploitation could allow denial-of-service via crafted input len...
PT-2024-20040
Name of the Vulnerable Software and Affected Versions: LlamaHub aka llama-hub versions prior to 0.0.67. Description: The OpenAPI and ChatGPT plugin loaders in LlamaHub allow attackers to execute arbitrary code because safe load is not used for YAML. This issue enables attackers to execute arbitrary...
A vulnerability in the password-based protection mechanism of Grub2, an operating system boot loader, allows a hacker to bypass the established access control measures.
The vulnerability in the password-based authentication mechanism of the Grub2 operating system boot loader is related to the ability to bypass authentication through spoofing. Exploiting this vulnerability can allow an attacker to circumvent the established access control measures...
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...
Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. "Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord," Tren...