10 matches found
CVE-2026-22187
Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity...
A vulnerability in the HTML-to-PDF converter spipu/html2pdf allows an attacker to modify the application's logic.
The vulnerability in the HTML-to-PDF converter spipu/html2pdf stems from deficiencies in its deserialization mechanism. Exploiting it allows a malicious actor to modify the application's logic using specially crafted objects of arbitrary classes...
Prototype Pollution
getsetprop is vulnerable to prototype pollution. The vulnerability is due to improper restrictions on __proto__ or constructor.prototype properties, which allows an attacker to manipulate application logic, potentially leading to denial of service, remote code execution...
CVE-2024-5482
A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs,...
CVE-2024-5482
CVE-2024-5482 describes a Server-Side Request Forgery in the Parisneo/Lollms-WebUI - specifically the add_webpage/add webpage endpoint. The issue arises from insufficient URL validation, allowing attackers to supply arbitrary URLs (including localhost/127.0.0.1) and trigger unauthorized requests ...
CVE-2024-5482 SSRF in add_webpage endpoint in parisneo/lollms-webui
A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs,...
CVE-2020-25236
A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA1 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA1 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA1 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA1 All versions, LOGO! 24CE 6ED1052-1CC08-0BA1 All versions, LOGO! 24CEo...
phpBB 2.0.x - profile.php SQL Injection
phpBB 2.0.x - profile.php SQL Injection source: https://www.securityfocus.com/bid/8994/info A SQL injection vulnerability has been reported for phpBB systems. phpBB, in some cases, does not sufficiently sanitize user-supplied input, which is used when constructing SQL queries to execute on the...