11 matches found

RedhatCVE
added 2026/02/17 1:27 p.m. | 2 views

CVE-2026-0999

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

CVSS 5.4 | AI score 5.5 | EPSS 0.00052
Exploits: 0 | References: 1
Cvelist
added 2026/02/16 9:47 a.m. | 26 views

CVE-2026-0999 Authentication bypass via userID login when email and username login are disabled

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

CVSS 5.4 | EPSS 0.00052
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/25 12:0 a.m. | 1 views

PT-2025-39389

Name of the Vulnerable Software and Affected Versions: cors-anywhere (affected versions not specified). Description: Instances of cors-anywhere configured as an open proxy permit unauthenticated external users to initiate HTTP requests to arbitrary targets, leading to Server-Side Request Forgery (SSRF)...

CVSS 9.5 | AI score 6.3 | EPSS 0.0091
Exploits: 0 | References: 16
Github Security Blog
added 2024/04/10 6:30 p.m. | 26 views

llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVSS 9.8 | AI score 7.8 | EPSS 0.00146
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2024/04/10 6:30 p.m. | 16 views

GHSA-WVPX-G427-Q9WC llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVSS 9.8 | AI score 9.7 | EPSS 0.00146
Exploits: 0 | References: 5
NVD
added 2024/04/10 5:15 p.m. | 10 views

CVE-2024-3098

A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVSS 9.8 | AI score 9.8 | EPSS 0.00146
Exploits: 0 | References: 2
Cvelist
added 2024/04/10 5:7 p.m. | 18 views

CVE-2024-3098 Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index

A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVSS 9.8 | AI score 10 | EPSS 0.00146
Exploits: 0 | References: 2
CVE
added 2024/04/10 5:7 p.m. | 78 views

CVE-2024-3098

Summary: CVE-2024-3098 affects the llama_index package, specifically the exec_utils.safe_eval function. The issue enables prompt injection that can lead to arbitrary code execution due to insufficient input validation, effectively bypassing prior constraints (CVE-2023-39662). A validated PoC demo...

CVSS 9.8 | AI score 9.6 | EPSS 0.00146
Exploits: 0 | References: 2
Vulnrichment
added 2024/04/10 5:7 p.m. | 19 views

CVE-2024-3098 Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index

A vulnerability was identified in the exec_utils class of the llama_index package, specifically within the safe_eval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVSS 9.8 | AI score 7.8 | EPSS 0.00146
Exploits: 0 | References: 2
NVD
added 2024/03/14 6:15 p.m. | 5 views

CVE-2024-28181

turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

CVSS 8.1 | AI score 8.4 | EPSS 0.00772
Exploits: 0 | References: 2
RedHat Linux
added 2013/12/04 5:16 p.m. | 0 views

WS: EJB3 role restrictions are not applied to jaxws handlers

A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attack...

CVSS 5.5 | AI score 5.8 | EPSS 0.00326
Exploits: 0 | References: 4