CVE-2023-40956
A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component...
Cloudroits Website Job Search SQL Injection Vulnerability
Cloudroits Website Job Search is a website backend from Cloudroits, Inc. A security vulnerability exists in Cloudroits Website Job Search version v.15.0 that could allow an authenticated, remote attacker to execute arbitrary code via the name parameter in the controllers/main.py component...
Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime
Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...
Fails to prohibit standard library access prior to initialization of Rust standard library runtime
Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...
CVE-2023-29198 Context isolation bypass via nested unserializable return value in Electron
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using contextIsolation and contextBridge are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach...
The vulnerability of the `process.mainModule.__proto__.require()` function in the Node.js software platform allows an attacker to compromise the integrity of the protected information.
The vulnerability of the `process.mainModule.__proto__.require` function in the Node.js software platform is related to authentication errors. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected information...
DEBIAN-CVE-2021-32422
dpic 2021.01.01 has a Global buffer overflow in theyylex function in main.c and reads out of the bound array...
dpic Security Vulnerability
dpic is an implementation of the pic language. A security vulnerability exists in dpic version 2021.01.01, which stems from a buffer overflow vulnerability in the theyylex method of the main.c file...
CVE-2023-2317 Typora DOM-Based Cross-site Scripting leading to Remote Code Execution
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...
nodejs: `mainModule.__proto__` bypass experimental policy mechanism
A vulnerability has been discovered in Node.js, where the use of `__proto__` in `process.mainModule.__proto__.require` can bypass the policy mechanism and require modules outside of the policy.json definition...
Control ID IDSecure Security Vulnerability
Control ID IDSecure is software from Control ID that controls access to company personnel and vehicles of all sizes. A security vulnerability exists in Control ID IDSecure version 4.7.26.0 and prior versions that stems from the presence of an uncaught exception. An attacker exploiting this...
CVE-2023-39113
ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga...
Code injection
An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code...
PT-2023-24628 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 16.0.8; GitLab versions 16.1 prior to 16.1.3; GitLab versions 16.2 prior to 16.2.2. Description: An issue has been discovered in GitLab where the main branch of a repository with a specially designed name allows an...
ngiflib Security Vulnerabilities
ngiflib is a library for decoding the GIF image format written in C. It has a vulnerability that stems from a segmentation error in the main method of the gif2tag.c file. A security vulnerability exists in ngiflib, which is caused by a segmentation error in the main method of the gif2tag.c file...
CVE-2023-39113
CVE-2023-39113 affects ngiflib (a C library for decoding GIFs). The vulnerability is a segmentation fault in the main function of gif2tag.c, triggered when running the gif2tga tool. Documented impact indicates a segmentation fault (availability impact) but does not provide exploitable vectors, af...
GitLab 0 < 16.0.8 / 16.1.0 < 16.1.3 / 16.2.0 < 16.2.2 (CVE-2023-3401)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a reposito...
CVE-2023-36091
Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via function phpcgimain in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...