173 matches found
LoLLMs Cross-Site Scripting Vulnerability
LoLLMs is a web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A cross-site scripting vulnerability exists in lollms-webui that originates from a vulnerability that allows an attacker to inject malicious script via a chat message and then execute it in the...
Mutt Code Issues Vulnerabilities
Mutt is a text-based mail client for Unix-like systems developed by Michael Elkins. A security vulnerability exists in Mutt due to a null pointer dereference when composing a specially crafted draft message...
PT-2023-6025 · Jenkins · Jenkins Fortify Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 22.1.38 and earlier Description: The issue is related to the failure to protect the web page structure, allowing a remote attacker to perform an HTML injection. This occurs because the error message for a form...
Arbitrary file deletion
Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character...
IBM Maximo Asset Management Information Disclosure Vulnerability (CNVD-2023-37167)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
CVE-2023-25695 Information disclosure in Apache Airflow
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2...
SUSE CVE-2004-0700
Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssllog function...
SUSE CVE-2010-1104
Cross-site scripting XSS vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...
CVE-2022-31741
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
CVE-2022-23537 PJSIP vulnerable to heap buffer overflow when decoding STUN message
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects...
SEMCMS SQL注入漏洞
SEMCMS is a multilingual content management system CMS for foreign trade websites. A SQL injection vulnerability exists in SEMCMS SHOP version 1.1, which stems from a SQL injection issue in AntMessage.php...
多款 GitLab 产品资源管理错误漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community edition of GitLab. A security vulnerability exists in GitLab Community Edition CE and GitLab Enterprise...
CVE-2022-2080 Sensei LMS < 4.5.2 - Arbitrary Private Message Sending via IDOR
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see...
MGASA-2022-0220 Updated firefox/nss/nspr packages fix security vulnerability
A malicious website could have learned the size of a cross-origin resource that supported Range requests CVE-2022-31736. A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash CVE-2022-31737. When exiting fullscreen...
Cybozu Garoon 跨站脚本漏洞
A cross-site scripting vulnerability exists in Message in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...
Important: systemd
Issue Overview: It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINEMAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the...
Arbitrary Code Execution
tt-rss is vulnerable to arbitrary code execution. The vulnerability exists as plugins/afproxyhttp/init.php mishandles the $REQUEST"url" in an error message...
Heap overflow
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity all versions, OPC-Aggregator all versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are...
CVE-2020-27267
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity all versions, OPC-Aggregator all versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are...
Information disclosure
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message...