366 matches found
PT-2025-34806 · Nvidia · Nvidia Nemo Framework
Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Framework affected versions not specified Description: The NVIDIA NeMo Framework contains an issue in the export and deploy component that could allow an attacker to inject code via malicious data. A successful exploit may lead to...
NVIDIA Nemo Framework 代码注入漏洞
NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. The NVIDIA Nemo Framework suffers from a code injection vulnerability that stems from malicious data in the NLP component that could lead to code injection, which in turn could lead to code execution...
NVIDIA NeMo Framework 注入漏洞
NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. A code injection vulnerability exists in NVIDIA NeMo Framework, which stems from malicious data in the retrieval services component that could lead to code injection, which in turn could lead to code...
PT-2025-34805 · Nvidia · Nvidia Nemo Framework
Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Framework affected versions not specified Description: The NVIDIA NeMo Framework contains an issue in the NLP component that could allow an attacker to inject code through malicious data. A successful exploit may lead to code...
PT-2025-34126 · Strongdm · Strongdm Macos Client
Name of the Vulnerable Software and Affected Versions: StrongDM macOS client affected versions not specified Description: The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message...
ImageMagick 输入验证错误漏洞
ImageMagick is ImageMagick open source suite of open source image processing software that can read, convert or write images in a variety of formats. ImageMagick suffers from an input validation error vulnerability that stems from an insecure magnification size calculation in ReadOneMNGIMage, whi...
OpenEXR Buffer Overflow Vulnerability (CNVD-2025-24798)
OpenEXR is an open standard for high dynamic range image HDR file formats. A buffer overflow vulnerability exists in OpenEXR version 3.3.2, which stems from incorrect pointer arithmetic leading to an out-of-bounds read operation when decompressing a DWAA compressed scanline EXR file with...
Signature Spoofing
pbkdf2 is vulnerable to Signature Spoofing. The vulnerability is due to improper input validation in the lib/to-buffer.js file, which allows an attacker to bypass signature verification and spoof cryptographic signatures, making malicious data appear authentic...
CVE-2024-47485
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file...
CVE-2024-20334
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...
CVE-2024-47486
There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data...
CVE-2021-3210
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound = 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter...
CVE-2020-5304
The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...
CVE-2025-2261 TIBCO BPM Enterprise XSS Vulnerability
Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application...
CVE-2025-2261 TIBCO BPM Enterprise XSS Vulnerability
Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application...
PT-2025-22418 · Tibco · Tibco Activematrix Administrator
Name of the Vulnerable Software and Affected Versions: TIBCO ActiveMatrix Administrator affected versions not specified Description: The issue allows malicious data to appear as part of the website and run within a user's browser under the privileges of the web application. This is due to a Store...
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by...
HTTP Request Smuggling
github.com/clickhouse/ch-go is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper parsing or handling of HTTP requests. Specifically, the vulnerability arises from the way large, uncompressed malicious external data is processed, allowing an attacker to smuggle an addition...
CVE-2025-1386- Query smuggling in ch-go library
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...
CVE-2025-1386 Query smuggling in ch-go library
When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...